Security research: buy low, sell high?
Posted Jul 15, 2007 11:11 UTC (Sun) by ortalo
Parent article: Security research: buy low, sell high?
The security researchers should certainly be rewarded for their work; that's a long-time problem, so any attempt to improve this situation is indeed worth a look.
But I wonder how one could address the other part of the problem: how could we *punish* the developers/managers/companies/users that introduce security bugs?
Certainly, that's a difficult problem: only intentionally careless developers deserve punishment, individuals certainly should be treated differently from organizations, administrators are sometimes the actual culprit, not to speak of all those managers who simply never want to fund security... However, it may be the other important part of the equation.