Bug Bounties Exterminate Holes

Money changes everything. Just when security researchers and software companies seemed to reach a consensus on the contentious issue of publicizing information about computer security flaws, businesses that sell vulnerability information are disturbing the peace.

Last week, at the CanSecWest computer security conference in Vancouver, Canada, I debated the ways commercialization has changed vulnerability reporting during a panel discussion that included independent researchers as well as executives and employees from Oracle, Novell, Intel, 3Com and iDefense. My conclusion is that more commercialization means more private control, and that is not a good thing for security.

Wired News: Bug Bounties Exterminate Holes

Linked by shanmuga Saturday, 15th April 2006 12:33AM