Presidential Advisor Encourages Computer Hackers to Break Software
July 31, 2002 2:12 PM ET
A presidential advisor encouraged the nation's top computer security professionals and hackers Wednesday to try to break computer programs, but said they might need protection from the legal wrath of software makers.
Richard Clarke, President Bush's computer security advisor, told hackers at the Black Hat conference that most security holes in software are not found by the software maker.
"Some of us, here in this room, have an obligation to find the vulnerabilities," Clarke says.
Clarke says the hackers should be responsible about reporting the programming mistakes. A hacker should contact the software maker first, he says, then go to the government if the software maker doesn't respond soon.
Hackers commonly share their findings with others in their community through e-mail lists or Web sites. But how much they should disclose is an ongoing debate among computer security professionals. Some argue that full disclosure is best, while others say a hacker should only warn that a problem exists without showing how to take advantage of it.
Clarke says hackers shouldn't help criminals by showing how to exploit a programming bug before the software maker has a chance to fix the problem by issuing a patch, or fix.
"It's irresponsible and sometimes extremely damaging to release information before the patch is out," Clarke says.
Companies differ in their response to independent researchers. While some encourage or even reward bug-hunters, others are more concerned about the possibility of extortion or embarassment to the company. In some instances, they seek civil or criminal charges against the hacker.
Clarke says that situation is "very disappointing," as long as the hacker acts in good faith.
"If there are legal protections they don't have that they need, we need to look at that," he says.
Copyright © 2002 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press.
|
Five Companies That Dropped The Ball This Week For the week ending Feb. 10, CRN looks at five companies that were either asleep at the wheel or just didn't make good decisions. |
|
Five Companies That Came To Win This Week For the week ending Feb. 10, CRN looks at five companies that brought their 'A' game and made moves to beat out competitors |
|
10 Challenges That HP Wants Partners To Tackle Right Now CRN speaks with HP's business unit chiefs to get a sense of where they'd like partners to focus in the coming year, as well as how CEO Meg Whitman is making a difference. |
 More
Slide Shows |
