From: Joanna Rutkowska <joanna@invisiblethingslab.com>
To: Keir Fraser <keir.xen@gmail.com>
Cc: Matt Wilson <msw@amazon.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
	George Dunlap <George.Dunlap@eu.citrix.com>,
	"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
	Lars Kurth <lars.kurth@xen.org>, Jan Beulich <JBeulich@suse.com>
Subject: Re: Security discussion: Summary of proposals and criteria (was Re: Security vulnerability process, and CVE-2012-0217)
Date: Mon, 09 Jul 2012 15:40:38 +0200
Message-ID: <4FFADF56.7010206@invisiblethingslab.com>
In-Reply-To: <CC209C99.38023%keir.xen@gmail.com>


On 07/09/12 15:35, Keir Fraser wrote:
> On 09/07/2012 14:25, "Joanna Rutkowska" <joanna@invisiblethingslab.com>
> wrote:
> 
>>> >> If you're into security industry (going to conferences, etc) you
>>> >> certainly know the right people who would be delighted to buy exploits
>>> >> from you, believe me ;) Probably most Xen developers don't fit into this
>>> >> crowd, true, but then again, do you think it would be so hard for an
>>> >> interested organization to approach one of the Xen developers on the
>>> >> pre-disclosure list? How many would resist if they had a chance to cash
>>> >> in some 7-figure number for this (I read in the press that hot
>>> >> bugs/exploits sell for this amount actually)?
>> > 
>> > (Correction: I meant a 6-figure number)
> Thought I was in the wrong end of the business there for a while. ;)
> 
> 

:) Yeah, I actually re-read my message when reading my 'xen-devel'
folder, and spotted the typo. A few hundred bucks for an exploit --
still not bad IMHO...


joanna.

