Comments on Jeremiah Grossman: Vulnerability "discovery" more important than disclosure

Jeremiah Grossman (2007-03-13T07:43:00.000-07:00):

"I wonder when we ever had the legal right to test others' production systems."

I meant that from the perspective that security researchers in the past could test "important" software on their own machines. Today's important software now runs on someone else's machine, hence the loss of ability.

"I would argue 10 out of 10 have vulnerabilities."

If you restrict your sample set to non-static non-brochureware websites, sure. I have hopes there might be one "secure" website out there in the world. :)

"Testing custom web apps without the owner's permission is similar to me attempting to break in to your company's mail server. It doesn't seem very white-hat to me."

My point is on the larger popular websites, they are getting banged on by thousands of people 24x7x365 anyway. Legal or not. If an organization is able to pull some vulnerabilities out of circulation for a nominal fee, then why not? Best bring whomever they can onto their side.

Drew Hintz (2007-03-12T21:07:16.205-07:00):

This comment has been removed by the author.