Security Research and Blackmail

harryjohnston alerts us to a story picked up by a few bloggers in the security space. A Russian security research company, Gleg, has discovered a zero-day in the latest version of RealPlayer 11. But they won't reveal details to Real, or to CERT, despite repeated requests. Details are available only to their clients who pay a lot of money for early access to such knowledge. To describe Gleg's business model Daniweb rather cautiously puts forward the word "blackmail." The story was first exposed in Ryan Nariane's Securitywach blog.

One sure way

[bherman]

I bet if they opened up their source code someone would be nice enough to look it over and tell them what they find. Too bad they're closed source. Oh well.

Re:Intellectual Property

[Blkdeath]

And FYI, lock smiths don't charge for emergency situations; a lock smith will charge you $40 or so just to pop open the lock on your car if you lock your keys in, but if you've locked a kid in the car they go out immediately and do it for free (if not, don't deal with them anymore, find someone else; all the ones I've seen do). It's part of responsible use of your skills.

Why should they? You're telling me that because you were so callous as to lock your child in your car you should get free assistance to let them out? They have to waste their time, energy and fuel to get to your location, provide their valuable skills to you and you expect them to do this for FREE??! What world are you living in?

Re:Intellectual Property

[tha_mink]

Great analagy! Lets work with that. Actually, it's a poor "analagy". A better one would be a software security company figuring out how to keep their clients safe from poorly written software. Oh wait...that's not an "analagy" at all.