Slashdot Mirror


Is Paying Hackers Good for Business?

Jenny writes "In the light of the recent QuickTime vulnerability, revealed for $10,000 spot cash, the UK IT Security Journalist of the Year asks why business treats security research like a big money TV game show. 'There can be no doubt that any kind of public vulnerability research effort will have the opportunity to turn sour, both for the company promoting it and the users of whatever software or service finds itself exposed to attack without any chance to defend itself. Throw a financial reward into the mix and the lure of the hunt, the scent of blood, is going to be too much for all but the most responsible of hackers. There really is no incentive to report their findings to the vulnerable company, and plenty not to. Which is why, especially in the IT security business, there needs to be a code of conduct with regard to responsible disclosure.' Do you think there's any truth to this? Or is it a better idea to find the vulnerabilities as fast as possible, damn the consequences?"

3 of 94 comments

  1. I wish... by firpecmox · Score: 4, Funny

    My school would do this for me so I would stop getting suspended.

  2. Re:Bounty Hunters by Anonymous Coward · Score: 1, Funny

    What's wrong with both?

    Nothing. Both Cops and Dog the bounty hunter get cool TV shows. Clearly that is the solution.

  3. Re:Stunning by merreborn · Score: 3, Funny

    Maybe getting lambasted on Slashdot will be a wake-up call for him to actually do his homework before he spouts off.


    Wait, you mean there are stories/authors who don't get lambasted on Slashdot?
    I thought we pretty much did our best to rip every story to shreds?