CSC 379 SUM2008:Week 3, Group 1: Difference between revisions
Revision as of 22:41, 25 July 2008
Markets for Bug Reports
Is it good to encourage the formation of a market for bug reports where people who find bugs could be paid for their efforts? How about the danger that hackers might outbid developers and use this information and exploit the bug to wreak havoc on users of the application? Can this danger be avoided by regulating the market? How can such regulation succeed in practice? What about the problem of markets in other countries? In response to these concerns, should software companies establish a policy of refusing to pay for bug reports?
Arguments For The Use of These Markets
Additional Links
- http://bits.blogs.nytimes.com/2007/07/06/a-new-market-for-software-flaws/#more-206
- http://www.techcrunch.com/2007/07/06/hackers-ebay-legitimate-marketplace-or-organized-blackmail/
- http://www.crn.com/security/201800238
- http://www.fstc.org/docs/articles/messaglabs_online_shadow_economy.pdf
- http://news.cnet.com/Offering-a-bounty-for-security-bugs/2100-7350_3-5802411.html