Proposed: a Bounty for Bugs

Proposed: a Bounty for Bugs
Mark Rasch, 2003-11-10

Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.

Expand all | Post comment

Proposed: a Bounty for Bugs 2003-11-10
researcher

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-13
Mark Rasch

Proposed: a Bounty for Bugs 2003-11-11
Psuedo-Anonymous Coward (1 replies)

Proposed: a Bounty for Bugs 2003-11-19
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

You forget one thing: Hackers are not corporate beings, and don't like to be shoehorned into corporate processes and procedures, especially not when it means more work than fun. Scratch that idea.
And a bounty will only attract other types of hackers -- not those interested for the sake of interest, but those interested because of money. You'll end up creating new hackers of a very dark shade of grey, who do this for questionable motives.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/197/23624#23624

Proposed: a Bounty for Bugs 2003-11-13
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
agent1

Proposed: a Bounty for Bugs 2003-11-11
Ragnarok

Proposed: a Bounty for Bugs 2003-11-11
Theuns

Proposed: a Bounty for Bugs 2003-11-11
frustrated security dweeb

Proposed: a Bounty for Bugs 2003-11-12
Bob Weiss - Passsword Crackers, Inc.

Proposed: a Bounty for Bugs 2003-11-12
Lockdown

Proposed: a Bounty for Bugs 2003-11-12
Anonymous

Proposed: a Bounty for Bugs: A Notoriously Bad Idea 2003-11-12
Michael Sierchio (1 replies)

Proposed: a Bounty for Bugs: A Notoriously Bad Idea (NOT) 2003-11-13
Raindeer (1 replies)

Proposed: Pay for non-disclosure 2003-11-17
Anonymous

Proposed: a Bounty for Bugs 2003-11-13
Anonymous