Related link: http://blog.ncircle.com/archives/2005/05/trafficking_in.htm
I love to read every single debate about vulnerability disclosure, since they can get soooo fierce so that it becomes funny. Here is one latest shot: “People who traffic in non-public exploits are morally reprehensible.”. Are they, really? What is they are just making a living?
I don’t want to take sides in this one (may be hazardous to one’s health), but read up this argument written by an employee of a vulnerability scanner vendor. I can see how it can lead him to refer to people who profit from their legitimate technical skills as “pimping knowledge” …
Oh Man
I was really talking about being open with knowledge and sharing it with everyone. Honestly, I'm surprised the umbrage people have taken with that particular issue. One can earn a living from legitimate technical skills while still putting their knowledge into the public domain.
'Reprehensible' is meant as 'deserving of moral rebuke'. That's all. In no way am I casting dispersions on peoples skills. But if you hoard knowledge, I think that's lame.
Oh Man
Well, I was not really against what you said. I was merely questioning such a dramatic position. People can choose to share knowledge, they can choose to sell it and, I suspect, they can hoard it. I was just saying that IMHO it has nothing to do with morality...
Oh Man
Fair enough. Perhaps it's because I define it as part of my moral code that I feel so strongly about it.