Group Releases Anti-Disclosure Plan
Kevin Poulsen, SecurityFocus 2003-06-04

A group of 11 of the largest software companies and computer security firms released the first public draft of a proposed bug disclosure standard on Wednesday, and asked the security community for comments.

30 days 2003-06-05
Anonymous
Um...ok 2003-06-05
SFN (1 replies)
Standards?? 2003-06-05
Lockdown
This "Standard" 2003-06-05
Patrick D. Cusack
Here we go again. 2003-06-06
RogueClient
Group Releases Anti-Disclosure Plan 2003-06-06
G8R-B8
Well, well, well.... I was wondering when this idea would finally come to light. It's a lose-lose situation. It will help keep vulnerabilities unknown to the public for a longer period of time which will give the underground more time to exploit these vulnerabilities before patches are created, if created. Also, it will deter the white hats from publishing new vulnerabilities because of all the new hoops and legal ramifications they might run into with the process.

This is a great idea. Why not just give up now and surrender to the black hats? It will speed up the entire process.

Oh, wait... let's see... a better idea would be to have the software companies design secure code from the get go... Let's build laws around that idea. If a bank buys a vault and it doesn't prevent theft, the bank can use the law to go against the vault company for creating a faulty vault. Why not do the same for the software giants? So it will cost them a little more to make the secure software... they make too much money from their software, anyway.

Never mind. The great ideas are the ones that never come to light. Only the ideas that come from folks with the big $$$.

G8R-B8

Group Releases Anti-Disclosure Plan 2003-06-07
Darren Woodall
The few dictating to the many? 2003-06-07
Anonymous
convenient 2003-06-10
chort (1 replies)
30 days 2003-06-11
Revilo
Stuff it. 2003-06-12
Anonymous







 
