McAfee vs. TippingPoint
Here’s one blog post worth revisiting.
On Monday, Rahul Kashyap took TippingPoint’s Zero Day Initiative to task for paying researcher Dino Dai Zovi $10,000 for a flaw he disclosed at CanSecWest.
That incident reached its zenith when Gartner analysts made their feelings clear on hacking contests and vendor association with them.
What’s more interesting than the post is the discussion it set off between Kashyap and Terri from TippingPoint – two opposing sides of the debate on vulnerability disclosure ethics. And don’t overlook Thomas Ptacek’s challenge to McAfee to link to its own code of conduct.
It’s also worth clarifying that the nCircle commentary - the one slamming ZDI - quoted in the post is from August 2005. In relation to the flaw purchased at CanSecWest, nCircle has been supportive of TippingPoint’s efforts.