Thursday, June 14, 2007

Rewarding Independent Security Researchers

Everybody seems to be upset with TippingPoint, a leading provider of network-based intrusion prevention systems, for awarding a $10,000 prize to Dino Dai Zovi as the top prize in a hacking contest it conducted recently. The so-called MacBook Pro hijack exposed a vulnerability in input handling in Safari, Apple Inc.'s web browser, and this has started a wide debate over the "responsible disclosure" of vulnerabilities. Most security experts and vendors seem to be up against TippingPoint for this act, as it appears to go against the Organization of Internet Safety (OIS) guidelines. Whatever these guidelines may stipulate, I do not see any problem in rewarding the efforts of independent security researchers. In fact, the two security vendors that engage independent security researchers, TippingPoint and VeriSign, accounted for 25% of the total vulnerabilities reported for Windows, Linux/Unix and Macintosh. I would suggest that other security vendors may be better off taking this route as well, and they may as well dump the Organization of Internet Safety (OIS) guidelines.