Groups argue over merits of flaw bounties

Groups argue over merits of flaw bounties
Robert Lemos, SecurityFocus 2006-04-05

Vancouver, CANADA--Vulnerability researchers, software makers, and security companies that buy information about software flaws found little common ground during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs.

Expand all | Post comment

Groups argue over merits of flaw bounties 2006-04-06
KF (1 replies)

Re: Groups argue over merits of flaw bounties 2006-04-06
Tom Ferris

Groups argue over merits of flaw bounties 2006-04-07
Matthew Murphy

Groups argue over merits of flaw bounties 2006-04-07
TJ (2 replies)

May be I'm naive. But, why not leave the vulnerability research to the software vendors who make the products? Let them sink or swim based on how they maintain-patch them. If you choose to help, it's at your own risk, unless some type of contract-agreement has been created with the vendor for doing such work.

I understand many want to help in the sense of protecting end users and the industry as a whole. But, may be helping is actually hurting. May be by helping them, they're not being held fully accountable for their own product.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11386/33606#33606

Re: Groups argue over merits of flaw bounties 2006-04-07
Anonymous

Re: Groups argue over merits of flaw bounties 2006-04-08
Matthew Murphy

Groups argue over merits of flaw bounties 2006-04-10
Anonymous (1 replies)

Re: Groups argue over merits of flaw bounties 2006-04-10
Anonymous