Public dissemination of vulnerabilities
Anyone who openly provides exploit code should be legally responsible for the effects. If a worm using the exploit produces $1 billion worth of damage, the one who published the code should be reimbursing the cost from prison earnings for, say, 20 years.

Anyone who openly publishes a vulnerability in such detail that the problem can be found and used easily for malware should be subject to only slightly less severe penalties.

In my view, someone who produces or contributes to the production of malware should be subject to penalty. The motive for the crime and the amount of money received by the perpetrator are not relevant to the severity of the offense.

That said, the problem of how to compel a response by the company which has produced the vulnerability remains. A solution has to be found which does not jeopardize millions of innocents and billions of dollars.

Responsible people in the security field and the companies appear to be approaching a solution, but from the article the people identifying vulnerabilities still observe a disproportion in power between themselves and the companies which must act to prevent flaws.

Analogous to a regulator, there should be a prominent security organization which can get headlines by announcing a substantial flaw. Some government agencies have already shown how prominent such announcements can become.

Public complaints by respected people can have an effect where it's most important to a company, in sales and product use.

Let's limit the damage to the company which is being lax about a vulnerability, rather than punishing such companies by damaging many people who have no responsibility for the situation.
Posted by: Anton Philidor   Posted on: 08/17/06


Its the  not of this world | 08/17/06
I agree;  Suicida| | 08/17/06
Cheap way to find flaws  SteveTheWirePuller | 08/17/06
Valid concerns from true flaw finders  Boot_Agnostic | 08/17/06
Public dissemination of vulnerabilities  Anton Philidor | 08/17/06
A problem...  ju1ce | 08/17/06
Why would the idea fail?  Anton Philidor | 08/17/06
well it can...and it can't..  Monkey_MCSE | 08/17/06
another question...sorry  Monkey_MCSE | 08/17/06
The organization's purpose...  Anton Philidor | 08/17/06
And...  Anton Philidor | 08/17/06
and how many years did it take them??  Monkey_MCSE | 08/17/06
If no alternative operating systems...  Anton Philidor | 08/18/06
Fair's fair  Yagotta B. Kidding | 08/17/06
Flaw finders to software makers: It's payback time  puppadave | 08/17/06
IF THERE'S ANYTHING WRONG WITH A COMPUTER OR SOFTWARE IT'S A VIRUS !  BALTHOR | 08/17/06
Message has been deleted.  Colonel Panijk | 08/18/06
Flaw Finders  eryxias7@... | 08/17/06
What's the limit?  rpmyers1 | 08/18/06
No respect  shraven | 08/17/06
Last thing vendors want: explaining changes to outsiders  ejhonda | 08/17/06
Producing responses  dmhunter@... | 08/17/06
Bad headline  John L. Ries | 08/17/06
Shakedown  DaveSoNSo | 08/17/06
That's called "blackmail"  John L. Ries | 08/18/06
Ignorance is bliss, ay?  Tialin | 08/17/06
Well...  Anton Philidor | 08/17/06
Inconsistent expectations  DaveSoNSo | 08/17/06
When I pay for Software I Expect it to Work  OldTimer1 | 08/21/06
It's always Microsoft  AAWW | 08/17/06
I wouldn't say most flawed...  jasonp@... | 08/18/06
software flaws  jhinkson@... | 08/17/06
Not likely....  Leria | 08/18/06
Unlikely but possible  tony@... | 08/18/06
