Vulnerability disclosure policies - lost and found
Posted Jul 13, 2010 14:20 UTC (Tue) by giraffedata
In reply to: Vulnerability disclosure policies - lost and found
Parent article: Vulnerability disclosure policies
If we consider it a person's obligation to disclose a bug for free once he finds it, how much incentive does he have to look for bugs?
He gets to feel smarter than the author of the buggy code.
That's a good incentive for hobby-level bug investigation, but not enough to give up one's day job or hire a staff or give someone a research grant. I don't know much about the project in question here, but I have the impression that many of these bug hunters put more than recreational level effort into it.