Network Computing is part of the Informa Tech Division of Informa PLC

Hacking Contests: See No Evil, Hear No Evil

Can plugging a security vulnerability ever be a bad thing? We'd argue no; others, including Gartner, disagree.

At issue are hacking contests, where a company posts a bounty to encourage people to uncover software vulnerabilities, so they can ultimately be closed. Gartner recently pointed to two hacking contests--a Mac one at CanSecWest and an event that discovered an Apple QuickTime flaw--and said "conducting vulnerability research in a public venue is risky and could lead to mishandling or treating too lightly these vulnerabilities."

As someone who has participated in such contests, I disagree. When a vulnerability is found and publicly announced, what's the downside? The hole is there regardless--indeed, the event uncovers it. How is this more dangerous than not running the contest and hoping the bad guys wouldn't have found it first?

--Jordan Wiens