"Some "bug hunters" who uncover security flaws in computer
software and rush to issue public warnings may be helping hackers
more than consumers, industry officials worry. It's a thorny issue
that divides security specialists. Many argue that fast, full
disclosure of a vulnerability alerts computer users to take
precautions and pushes software makers to provide a quick solution.
Others say telling about how software is vulnerable to hackers
before companies have a chance to fix the problem only invites
"There needs to be a Hippocratic Oath for security
professionals," said Joel de la Garza of the Internet security
company Securify. "A rule like 'first, do no harm' would be a very
good thing, but highly unlikely." ... "People like to see their
name in the newspapers," said Richard Smith, chief technology
officer for the Privacy Foundation, a research center at the
University of Denver."
"Smith, who has found many bugs himself, said security
free-lancers perform a valuable service to software makers, often
for free. But he doesn't believe discoverers should divulge enough
to tip off hackers. "I'm dead set against full disclosure, I think
it's really wrong. If Microsoft has a bug, it's a good thing to
give just vague details," not a blueprint for exploiting it, he