Kinda scary...

Now this has been touched on before by yours truly in my article "Responsibility when disclosing Microsoft Vulnerabilities...hrm...". Well...all I said stands true now as much as it did then. However, now that selling vulnerabilities is coming more into the light...there is more concern over the whole disclosure issue between those that find vulnerabilities and software companies. In the article "Bug brokers offering higher bounties" @ Security Focus there is a new trend of people opting to be brokers in vulnerability disclosure...highest bidder wins kind of stuff. If this doesn't open the door to things such as corporate espionage and other illicit things...I don't know what will. However, as stated in the past...it looks more and more like software developers will have to work just a bit harder to check the security of their software and/or break out the gidas (slang for cash) to get their hands on such things. It is a sad situation for all...and it will be the end users to pay the final price if this continues with raised software prices to compensate for this brokering of vulnerabilities. Very interesting read!