2003-11-10
Instead of paying hard cash to punish computer criminals, vendors should reward grey hat hackers for responsibly finding and reporting the security holes that make cyber attacks possible.
Proposed: a Bounty for Bugs: A Notoriously Bad Idea
2003-11-12
Michael Sierchio (1 replies)

>>>well trained professionals rely on unknown
>>>greys to find the security holes and audit
>>>their code?
ok. to be serious, which company really has that? they throw beta stuff on the market as "final release" and let the customer be the testdude. "do you like to send bug report?" no, why should i?
>>>sounds very risky to throw money at people
>>>whose motives or perhaps true identities
>>>or qualifications is not known?
qualifications? he found the bug, if it is real, who cares about qualifications. at least he found the bug!
motives? i think, if you get money for the found bug, you may not use the bug to get money in a criminal way. thus making the world maybe more secure.
Link to this comment: http://www.securityfocus.com/comments/columns/197/23760#23760