Slashdot Mirror
Wassenaar Treaty Will Hamper Bug Bounties
msm1267 writes: If the proposed U.S. Wassenaar rules are enacted, researchers who make a living contributing to and participating in the numerous industry bug bounties may feel the pinch in their wallets. Worse may be the impact on the security of software worldwide since many independent researchers find a good number of the bugs that get patched.
Researchers are starting to speak out, not only about the rules' broad definition of intrusion software, but also about the potential need to share vulnerability details with a government if forced to apply for the required export license. Many may soon question whether it's worth the time and effort to go through the export process if governments are acting as a clearinghouse.
Researchers are starting to speak out, not only about the rules' broad definition of intrusion software, but also about the potential need to share vulnerability details with a government if forced to apply for the required export license. Many may soon question whether it's worth the time and effort to go through the export process if governments are acting as a clearinghouse.
Why do governments think they can control the flow of security software and exploits over the Internet?
Bad guys already don't follow the laws, and will obtain and use them anyway.
Good guys testing security will probably obtain and use them anyway because the probability of actually getting caught and prosecuted for it are nearly nil if it's not being used in a crime.
In other words, these laws stop no one except maybe one or two goodie-two-shoes. What's the point?