BSD and Linux so easy to exploit that Zerodium pays just $50k for uid0

grarpamp grarpamp at gmail.com
Wed Mar 6 22:38:37 UTC 2019


https://zerodium.com/program.html

"the research becomes the exclusive property of ZERODIUM
and you are not allowed to re-sell, share, or report the research
to any other person or entity."

Open source Unix foundations should strongly consider
forming open, collaborative crowdfunding and paying similarly
to openly acquire and fix exploits, thus keeping them from going
into secret black holes which are often used directly against their
very own users requiring, and in, security-sensitive environments
(be they corp, gov, personal, edu, ngo, biz, research, journalism, etc...),
reducing continued exploitation of the work, users, and infrastructures
of open source Unix OS projects through using bounties to identify
and improve production, review, security, audit, coding, and feedback
models in the same.

"Many ... have bug bounty programs for those who want
the exploit used for defensive purposes, ie fixed... but they
pay orders of magnitude less. *This is a problem.*" -- Bruce

Reassert and 0wn the problem.

