2003-11-10
Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.
Proposed: a Bounty for Bugs
Then they contact the vendor and say, "I have discovered a new exploit against your software. I realize it takes time to repair such things and I am willing to withhold disclosure for $100 per day, negotiable. I will wait 72 hours for your response to negotiate on price before I assume you are rejecting this offer."
Let your lawyer reword this to avoid any extortion accusation. Honestly though, this is the way the security companies work, but on a bigger scale and in a more family-friendly way.
Link to this comment: http://www.securityfocus.com/comments/columns/197/23752#23752