Comments on: Can I make a suggestion? http://spiresecurity.com/?p=496 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Pete http://spiresecurity.com/?p=496&cpage=1#comment-779 Pete Thu, 15 Dec 2005 05:57:07 +0000 http://spiresecurity.com/blog/?p=496#comment-779 @Chris – I guess the word “extremely” is debateable, but nobody in their right mind would suggest that the level of risk on the Internet doesn’t increase with new vulnerabilities found (there is clear evidence here), so I think it is reasonable to call that “detrimental.”

]]> By: Chris Walsh http://spiresecurity.com/?p=496&cpage=1#comment-778 Chris Walsh Thu, 15 Dec 2005 03:52:25 +0000 http://spiresecurity.com/blog/?p=496#comment-778 Of course, that “it is extremely detrimental to Internet users overall” is not at all a settled question.

]]> By: Pete http://spiresecurity.com/?p=496&cpage=1#comment-777 Pete Sun, 11 Dec 2005 17:08:07 +0000 http://spiresecurity.com/blog/?p=496#comment-777 @Dominic -

Good point – I should clarify. My point was that bughunters shouldn’t hunt bugs because it may not be worth it (at least according to the point made in the excerpted article).

But I also don’t want them doing it even if it is worth it, because there is a huge externality there – it may be worth it to the researchers even though it is extremely detrimental to Internet users overall.

]]> By: Dominic White http://spiresecurity.com/?p=496&cpage=1#comment-776 Dominic White Sun, 11 Dec 2005 07:11:55 +0000 http://spiresecurity.com/blog/?p=496#comment-776 That’s a bit dangerous. If we are going to push the ‘only do it if it is worth it financially’ line then it is going to be hard to argue against unethical disclosure glory hounding in an effort to promote your new shiny vulnerability research lab.

]]>