Date:      Wed, 6 Mar 2019 17:38:34 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-questions@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   BSD and Linux so easy to exploit that Zerodium pays just $50k for uid0
Message-ID:  <CAD2Ti283ps1CmRZfCThsROPQZwMycbnWibddXpFfz0pxN_2gRg@mail.gmail.com>

https://zerodium.com/program.html

"the research becomes the exclusive property of ZERODIUM
and you are not allowed to re-sell, share, or report the research
to any other person or entity."

Opensource Unix Foundations should strongly consider
forming open collaborative crowdfunding and paying similar
to openly acquire and fix exploits thus keeping them from going
into secret blackholes which are often used directly against their
very own users requiring, and in, security sensitive environments
(be they corp, gov, personal, edu, ngo, biz, research, journalism, etc...),
reducing continued exploitation of the work, users, and infrastructures
of Opensource Unix OS projects through using bounties to identify
improving production, review, security, audit, coding, feedback
models in same.

"Many ... have bug bounty programs for those who want
the exploit used for defensive purposes, ie fixed... but they
pay orders of magnitude less. *This is a problem.*" -- Bruce

Reassert and 0wn the problem.


