Ben Gracewood on bug bounties

Ben Gracewood writes in NBR about bug bounties and in general about exposing security flaws.

At least he admits to being “a wet pinko liberal socialist”, which probably explains why NBR and others didn’t castigate Scoop for their security breach.

In some cases, companies provide a “bug bounty” for users that discover security flaws. This is for a couple of reasons: firstly because there is value in having these flaws discovered and resolved before they are made public; and secondly it acts as an incentive for “black hat” hackers to move from step one to step two above. Hackers can opt for a quick, legitimate pay-off, rather than exploiting the flaw for possible dubious gain.

In my opinion, it’s totally kosher to ask a private company for a bug bounty. It’s in their interest to close the hole, and most responsible companies should have a public bounty policy, because even the best operational security is not going to keep up with every single exploit.

But a government department? I’m not sure about this one. On the one hand I think it’s our social responsibility to help these guys out as much as we can. Maybe I’m a wet pinko liberal socialist, but we’re all in this s*itfight called the internet together, and I think it’s a bit much to ask for a bug bounty on an issue that affects the most vulnerable in our society.

But then I read about $50,000 for a two-week Deloitte review and think that maybe a $2000 reward per bug would go a long way to making that review irrelevant.



As much at home writing editorials as being the subject of them, Cam has won awards, including the Canon Media Award for his work on the Len Brown/Bevan Chuang story. When he’s not creating the news, he tends to be in it, with protagonists using the courts, media and social media to deliver financial as well as death threats.

They say that news is something that someone, somewhere, wants kept quiet. Cam Slater doesn’t do quiet and, as a result, he is a polarising, controversial but highly effective journalist who takes no prisoners.

He is fearless in his pursuit of a story.

Love him or loathe him, you can’t ignore him.
