https://zerodium.com/program.html

"the research becomes the exclusive property of ZERODIUM
and you are not allowed to re-sell, share, or report the research
to any other person or entity."

Open source Unix Foundations should strongly consider
forming open collaborative crowdfunding and paying similarly
to openly acquire and fix exploits, thus keeping them from going
into secret blackholes which are often used directly against their
very own users requiring, and in, security-sensitive environments
(be they corp, gov, personal, edu, ngo, biz, research, journalism, etc.),
reducing continued exploitation of the work, users, and infrastructures
of open source Unix OS projects through using bounties to identify
improving production, review, security, audit, coding, feedback
models in same.

"Many ... have bug bounty programs for those who want
the exploit used for defensive purposes, ie fixed... but they
pay orders of magnitude less. *This is a problem.*" -- Bruce

Reassert and 0wn the problem.
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
