Security

Is Paying Hackers Good for Business?

Jenny writes "In the light of the recent QuickTime vulnerability, revealed for $10,000 spot cash, the UK IT Security Journalist of the Year asks why business treats security research like a big money TV game show. 'There can be no doubt that any kind of public vulnerability research effort will have the opportunity to turn sour, both for the company promoting it and the users of whatever software or service finds itself exposed to attack without any chance to defend itself. Throw a financial reward into the mix and the lure of the hunt, the scent of blood, is going to be too much for all but the most responsible of hackers. There really is no incentive to report their findings to the vulnerable company, and plenty not to. Which is why, especially in the IT security business, there needs to be a code of conduct with regard to responsible disclosure.' Do you think there's any truth to this? Or is it a better idea to find the vulnerabilities as fast as possible, damn the consequences?"

  • Re:Money laundering (Score:3, Informative)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Thursday May 10, 2007 @04:52PM (#19074393) Homepage Journal

    In reality, though, job descriptions are the result of careful, diligent, and deliberate definition by HR departments who already have a candidate in mind.

    Careful? Yes. Deliberate? Maybe. Diligent? Usually not, which is why we end up with ads requiring a decade of .NET experience or similar.

    Usually the HR department knows jack diddly shit about the job they're writing requirements for. And if you hand them requirements that actually fit the position, they'll rewrite them anyway.

  • Hackers? (Score:1, Informative)

    by tm2b ( 42473 ) on Thursday May 10, 2007 @05:09PM (#19074685) Journal
    Of course paying hackers is a good idea, if you want to generate any interesting code... Oh, wait a minute. Slashdot has bought into the lowest common denominator usage of "hacker" to mean a cracker. And here I thought my opinion of the Slashdot moderators couldn't get any lower, after I had moderation privs revoked for daring to criticize them on other matters...
  • Re:Bounty Hunters (Score:3, Informative)

    by Torvaun ( 1040898 ) on Thursday May 10, 2007 @11:18PM (#19078505)
    Generally, the accused but innocent don't take off. They stay in the state like they're supposed to, they show up to their trial, and then they most often get acquitted. Violating bail is, in fact, a crime, so a bail jumper is a criminal, regardless of whether or not he's guilty of the crime he put up bail for.
