Premium Content

Access "Viewpoint: Vulnerability researchers doing more than 'search'"

Published: 20 Oct 2012

Bug Finding: Ethical and Necessary Regarding Bruce Schneier and Marcus Ranum's "Is Vulnerability Research Ethical?" (Face-Off, May 2008), the question may as well be: "Is it Ethical to Force Automobile Companies to Crash Test Their Cars?" Would Microsoft ever have gotten a clue about reducing programming mistakes without the constant stream of security revelations about its software? Have any other vendors been significantly better than Microsoft on mistake reduction? It's a shame Ranum didn't bother to speak to the question, but rather chose to trot out examples of poorly done software development. It's interesting how similar Ranum's list of "counterexamples" is to vulnerability research: "This should be fixed, that should be fixed, and that new thing on the Web shouldn't be going on at all." It's also interesting that Ranum sheds some light on the design side of the problem. We commonly look on our security problems with software as mistakes made in implementation. Sometimes though, the sources of these problems go all the way back to the original design.... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside


More Premium Content Accessible For Free