Proposed: a Bounty for Bugs

Proposed: a Bounty for Bugs
Mark Rasch, 2003-11-10

Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.

Expand all | Post comment

Proposed: a Bounty for Bugs 2003-11-10
researcher

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-13
Mark Rasch

Proposed: a Bounty for Bugs 2003-11-11
Psuedo-Anonymous Coward (1 replies)

Proposed: a Bounty for Bugs 2003-11-19
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-13
Anonymous

Proposed: a Bounty for Bugs 2003-11-11
agent1

Proposed: a Bounty for Bugs 2003-11-11
Ragnarok

Proposed: a Bounty for Bugs 2003-11-11
Theuns

Proposed: a Bounty for Bugs 2003-11-11
frustrated security dweeb

Proposed: a Bounty for Bugs 2003-11-12
Bob Weiss - Passsword Crackers, Inc.

Proposed: a Bounty for Bugs 2003-11-12
Lockdown

Proposed: a Bounty for Bugs 2003-11-12
Anonymous

Proposed: a Bounty for Bugs: A Notoriously Bad Idea 2003-11-12
Michael Sierchio (1 replies)

Proposed: a Bounty for Bugs: A Notoriously Bad Idea (NOT) 2003-11-13
Raindeer (1 replies)

Proposed: Pay for non-disclosure 2003-11-17
Anonymous

Proposed: a Bounty for Bugs 2003-11-13
Anonymous

This could also be seen as an incentive to programmers to write buggy code for their employers. They could then split the bounty with the anonymous gray hat (or be the anonymous gray hat themselves) for finding something they put in. Especially with the anonymity aspect, folks doing debuging work within the company would be incentivised to report bugs through the other system instead of through the proper channels.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/197/23674#23674

Proposed: a Bounty for Bugs 2003-11-13
Sunil James - Director, iDEFENSE

Proposed: a Bounty for Bugs 2003-11-14
Administrator

Proposed: a Bounty for Bugs 2003-11-14
Anonymous

Proposed: a Bounty for Bugs 2003-11-15
Anonymous (1 replies)

Proposed: a Bounty for Bugs 2003-11-18
intruder

Proposed: a Bounty for Bugs 2003-11-18
Anonymous

Old idea ... 2003-11-19
Garry