Proposed: a Bounty for Bugs

Proposed: a Bounty for Bugs
Mark Rasch, 2003-11-10

Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.

Expand all | Post comment

Proposed: a Bounty for Bugs 2003-11-10
researcher

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-13
Mark Rasch

Proposed: a Bounty for Bugs 2003-11-11
Psuedo-Anonymous Coward (1 replies)

Proposed: a Bounty for Bugs 2003-11-19
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-13
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
agent1

While this is a great idea, the problem would be companies stating they were already aware of that bug to avoid paying out money. They would then make a fix for it now that they really were aware of it thanks to the grey hat, and nobody would ever receive any compensation. If a contract could be made to bind both parties, the grey hat and the company, this could move forward.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/197/23629#23629

Proposed: a Bounty for Bugs 2003-11-11
Ragnarok

Proposed: a Bounty for Bugs 2003-11-11
Theuns

Proposed: a Bounty for Bugs 2003-11-11
frustrated security dweeb

Proposed: a Bounty for Bugs 2003-11-12
Bob Weiss - Passsword Crackers, Inc.

Proposed: a Bounty for Bugs 2003-11-12
Lockdown

Proposed: a Bounty for Bugs 2003-11-12
Anonymous

Proposed: a Bounty for Bugs: A Notoriously Bad Idea 2003-11-12
Michael Sierchio (1 replies)

Proposed: a Bounty for Bugs: A Notoriously Bad Idea (NOT) 2003-11-13
Raindeer (1 replies)

Proposed: Pay for non-disclosure 2003-11-17
Anonymous

Proposed: a Bounty for Bugs 2003-11-13
Anonymous

Proposed: a Bounty for Bugs 2003-11-13
Sunil James - Director, iDEFENSE

Proposed: a Bounty for Bugs 2003-11-14
Administrator