Vulnerability disclosure policies - lost and found
Posted Jul 10, 2010 0:18 UTC (Sat) by giraffedata
In reply to: Vulnerability disclosure policies
Parent article: Vulnerability disclosure policies
It is the law in California, and I suspect most of the U.S., that if you find someone's lost property, you must make an effort to return it to its owner, and you are not entitled to any reward.
This expresses some people's view of civility, but it also may prevent the recovery of some property, since someone can't make a business out of finding and returning property. The same could be said about reporting bugs. If we consider it a person's obligation to disclose a bug for free once he finds it, how much incentive does he have to look for bugs?
to post comments)