2003-11-10
Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.
Proposed: a Bounty for Bugs: A Notoriously Bad Idea
2003-11-12
Michael Sierchio (1 replies)

"If the vulnerability creates a substantial risk to the vendor, or the product's users, the vendor would pay a bounty for the discovery, in addition to giving the finder proper credit. So, for example, the vendor could pay $6,000 for a vulnerability"
Why should a company that employs smart and well-trained professionals rely on unknown greys to find the security holes and audit their code? It sounds very risky to throw money at people whose motives, or perhaps true identities or qualifications, are not known. What makes them better than the professionals a company trusts, who have no sketchy background?

I can understand it if everyone is stumped on a big problem and in need of "a real hacker": this is a person with exceptional computer and programming skills who does not hide behind any online alias and has no criminal background. This guy or woman is the bomb, someone you break glass for when all else fails; they are the true problem solvers when you need help. At least you know who you're paying.