INTELLECTUAL WEAPONS

Decius
Topic: Computer Security 10:06 am EDT, Jun  8, 2007

Generally speaking, vulnerability details have always been given to the vendor by responsible researchers free of charge. In exchange, vendors generally credit researchers with discovery or assistance. Often vendors will hire their own internal code audit teams instead of waiting for external security researchers to find bugs in their products. These people get paid, but they usually don't get credited for specific vulnerabilities.

The bottom line here is that no one is attempting to extort money out of vendors by holding a gun to their head and demanding payment. Computer security problems are real, and vendors do need to address them, either by waiting for people to disclose bugs in their products or paying for proactive security analysis, but that's reality. There are a lot of bad people in the world who put a lot of effort into finding and exploiting 0day vulnerabilities in order to deploy spyware or commit various kinds of espionage. These people will find and exploit vulnerabilities in your product if internal audit or external researchers don't get to them first. Generally speaking, the latter is a preferable scenario for everyone.

Now enter this company:

We can work with you to generate and enforce intellectual property such as patents relating to fixes for newly discovered, private or zero day security vulnerabilities, weaknesses, or technical flaws that you have found.

We target the intellectual property against the vendors of the vulnerable products and other security providers such as suppliers of intrusion prevention technologies.

You share in the income.

These people are saying: "I have a way to break into networks run by your customers through a bug in your product, and I'm going to publish it to the world in the patent database, where any criminal can look it up and use it, but you can't fix it unless you pay me."

This seems very much like holding a gun to someone's head and demanding payment.

What's even more insidious about this idea is that the patent holder has the right to refuse to license their patent at any price... A criminal organization could find a vulnerability, patent it, and use their patent to prevent their victims from fixing the problem.

I'd support legislation explicitly banning this practice.
