Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Hacking Contests: See No Evil, Hear No Evil

Posted by Jordan Wiens on May 11, 2007




Can plugging a security vulnerability ever be a bad thing? We'd argue no; others, including Gartner, disagree.


At issue are hacking contests, where a company posts a bounty to encourage people to uncover software vulnerabilities, so they can ultimately be closed. Gartner recently pointed to two hacking contests--a Mac one at CanSecWest and an event that discovered an Apple QuickTime flaw--and said "conducting vulnerability research in a public venue is risky and could lead to mishandling or treating too lightly these vulnerabilities."


As someone who has participated in such contests, I disagree. When a vulnerability is found and publicly announced, what's the downside? The hole is there regardless--indeed, the event uncovers it. How is this more dangerous than not running the contest and hoping the bad guys wouldn't have found it first? --Jordan Wiens, jwiens@nwc.com

Add Your Comment:

  Sponsored Links

Premium Content

Next Generation Data Center, Delivered, November 17th
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll