Over the weekend, Microsoft offered an olive branch to security researchers. Microsoft said that researchers discovering flaws on its websites will have no need to fear legal action. In short, if you can hack them, they won't sue you or have you arrested.
The announcement came Saturday at ToorCon, a security conference held in Seattle. Many experts call the offer a bold move, and are looking for other major companies to follow suit.
“This is actually really important because online services - that's our stuff,” Microsoft security strategist Katie Moussouris said. “The philosophy here is if someone is being nice enough to point out your fly is down, they're really doing you a favor and you should thank them rather than calling the cops and saying you're a pervert.”
“Don't hate the finder - hate the vulnerability. We don't actually want to discourage people who are trying to help us by being iffy about whether we're going to go after them,” she told The Register after her talk.
Vulnerabilities are discovered each day on the Internet. The reason they are never disclosed is fear. Researchers are afraid of litigation from the company that owns the website. Such cases are all too frequent. There have been many documented cases of researchers who disclosed vulnerabilities and were later sued or, in the case of one college student, arrested.
Microsoft’s offer is a great start; the trick will be to see if anyone follows suit.