The sentiment pops up periodically (in different forms) and it seems like CanSecWest this year has seen a resurgence of it.. From Charlie Miller's comments on the Safari bug:
“Did you consider reporting the vulnerability to Apple?
I never give up free bugs. I have a new campaign. It’s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away. Apple pays people to do the same job so we know there’s value to this work. No more free bugs.”
to the art captured by Garett Gee:
(Alex Sotirov && Dino Dai Zovi)
As usual this sparks loud debate on both sides. Ross Thomas from SophosLabs came out loudly against Miller for being “so breathtakingly cavalier about the safety of my data and the privacy of my personal information” (sic).
Personally I must confess that I find Ross's reasoning pretty dodgy, but I recall having a similar discussion at 04h00 in the morning with singe in a Las Vegas food court..
PS. Oh.. almost forgot, it doesn't matter which side of the argument-line you fall on, you have to give props to Internet Security’s latest rockstar – the hax0r known as Nils for his elite browser trifecta [Safari|IE8|Firefox].
PPS. Oh.. can we please stop people talking about how the machines were hacked in X seconds. It makes a good headline, but it's annoying..