Access your Pro+ Content below.
The Pipe Dream of No More Free Bugs
This article is part of the Information Security magazine issue of May 2009
Information Security magazine, May issue Download the entire May issue of Information Security magazine here in PDF format. By MICHAEL S. MIMOSO, Editor No More Free Bugs is the new security researcher credo. A few high-profile bug hunters have decided gratis is a goner and they're not giving away their work for nothin' no more. Vendors such as Apple, Oracle and Microsoft can find their own browser bugs and buffer overflows. These guys are taking their keyboards and fuzzers and are going home. The reason for the change in attitude is apparently twofold: 1) Bugs are hard to find. What used to take a couple of hours of spare time to find now takes a weekend -- or a week, or a month; and 2) yesterday's young bug-finder is today's adult complete with spouses, kids, mortgages and bills to pay. They're not going to be satisfied with a tip-of-the-cap mention in the Patch Tuesday bulletin any more. Gratis is a goner. The revolution began at the CanSecWest conference in March in Vancouver where Charlie Miller won the Pwn2Own contest for ...
Access this PRO+ Content for Free!
Features in this issue
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.
Columns in this issue
A service-oriented approach is the best way to demonstrate security's value and win support for security initiatives.
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.
Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.