
The Case for a Compulsory Bug Bounty

What If Software Makers Were Held Responsible?

What if makers of software were held accountable when their programs are hacked? It might seem ridiculous, especially if you are one of those developers, but Brian Krebs believes that the best way to make sure software companies do as much as possible to test against hackers is to hold them directly accountable for vulnerabilities in their products.

A Market to Buy Zero Day Flaws

Citing the research of vulnerability researcher Stefan Frei, Krebs highlights the market for “zero day flaws”: flaws in software that the makers of that software are not yet aware of. The way to stop hackers from buying these flaws is to purchase them first at a higher price, which is what many security firms already do. What Frei proposes is an international buying operation in which software makers would be required to pay for any vulnerability found in their products. The idea, simply, is that this would motivate more thorough internal efforts to find “zero day flaws” than exist today: the prospect of independent review would inspire a stronger internal review. This has played out positively with other innovations:

“When you look at new innovations like cars, airplanes and electricity, we see that security and reliability was enhanced tremendously with each as soon as there was independent testing,” said Frei, an experienced helicopter pilot. “I was recently reading a book about the history of aviation, and [it noted that in] the first iteration of the NTSB [National Transportation Safety Board] it was explicitly stated that when they investigate an accident, if they could not find a mechanical failure, they blamed the pilot. This is what we do now with software: We blame the user. We say, you should have installed antivirus, or done this and that.”

Yet another possibility raised is government intervention, a subject the author explores, among a few others, in this informative and question-raising post.

Read the full post here: http://krebsonsecurity.com/2013/12/the-case-for-a-compulsory-bug-bounty/

About Matthew Kabik

Matthew Kabik is the former Editor of Computer Aid's Accelerating IT Success. He worked at Computer Aid, Inc. from 2008 to 2014 in the Harrisburg offices, where he was a copywriter, swordsman, social media consultant, and trainer before moving into editorial.
