Jeff Taylor | January 30, 2004
Microsoft has stepped up with a $250,000 bounty for the skin of the author of the MyDoom.B email virus. Sounds interesting, but is there any evidence that such cyber-bounties produce positive results?
I mean, the people who build these kinds of things might be more motivated by the prospect of a big, fat bounty on their weaselly little heads than other folks might be moved by a reward in exchange for stopping said weasels. Could make the problem worse. That's why I say the only safe recourse is shoot-on-sight.
Why doesn't Microsoft pay a $250K reward to its own programmers
who discover and close vulnerabilities within MS software?
It would probably have a better net effect.
Microsoft doesn't make money by fixing bugs. They make money by selling new whizbang features. I think these virus bounties are mostly PR, but after a few haXor d3wdz fink out their buddies, the bounties will have created a nice deterrent. Note that this does NOT mean Microsoft software will be more secure! It just means that the truly evil or "professional" hackers will keep security holes to themselves (like Microsoft's NSA_KEY cryptography backdoor).
Why doesn't the Department of Homeland Security fine Microsoft $250k and use it to pay for the US-CERT virus alert system?
Joe - you may have been being facetious, but schemes like that
have been tried. The problem is that they create an incentive for
programmers to create bugs in their programs so they can "find"
them later and claim the bounty. Assuming, of course, that an MS
programmer is smart enough to know whether or not he's creating a
security hole.
More seriously, Joel Spolsky (of joelonsoftware.com) has written a
bit on the Microsoft practice of having an individual programmer
"own" certain code or functionality. It's usually portrayed as a
good thing, but I wonder if it doesn't have negative implications
in terms of getting more eyeballs on a given piece of code.