
Cash For Apple Exploit?


By Larry Hooper, ChannelWeb

12:00 AM EDT Mon. May. 14, 2007
From the May 14, 2007 issue of CRN
TippingPoint got security tongues wagging again with a $10,000 bounty to a security researcher who won a hacking contest at a regional security event in Canada.

LARRY HOOPER
Can be reached via e-mail at lrhooper@cmp.com.
The security vendor's Zero Day Initiative, which pays would-be hackers or security researchers for the vulnerabilities or exploits they uncover, has been controversial since its inception. But extending the bounty to someone who won a hacking contest raised the hackles of the security establishment to new levels.

In this case, at the CanSecWest conference in Vancouver, British Columbia, security researcher Dino Dai Zovi won the contest by creating a QuickTime exploit and using it to take over a MacBook laptop. At the event, Zovi won the MacBook for his efforts.

As a rule, security vendors tend not to involve themselves in these types of contests because they fear it will feed the conspiracy theorists' speculation of vendors capitalizing on their own vulnerabilities. So, TippingPoint's decision to give Zovi $10,000 for the exploit didn't sit particularly well.

One McAfee researcher took TippingPoint to task, accusing the company of tarnishing the reputation of the industry as a whole. "The antivirus community, long the target of [bogus] claims that they write viruses to make money, wouldn't touch a contest like this with a barge-pole," McAfee researcher Rahul Kashyap wrote on his blog.

Others said the extra attention could lead hackers to reverse-engineer Apple's patch for the exploit.

Whether you come down on the side of TippingPoint or McAfee, one thing is clear: The IT security industry is still a long way from establishing who should reveal vulnerabilities that could have seriously detrimental effects, and when and how they should do it.

And while security researchers debate the concept of freedom of information vs. protection from an academic, ivory tower perspective, the industry as a whole loses credibility.

With each new security breach, consumers and business owners become less and less confident in the safety of their information and the systems they use to communicate, conduct business, shop, bank and pay bills.

So, whatever system the industry finally settles on for disclosing vulnerabilities, user confidence should be top of mind in the decision-making process. Because without user confidence, security is irrelevant.

Should we pay for vulnerabilities? Send your thoughts to lrhooper@cmp.com.

 