Frontier Justice
Microsoft has stepped up with a $250,000 bounty for the skin of the author of the MyDoom.B email virus. Sounds interesting, but is there any evidence that such cyber-bounties produce positive results?
I mean, the people who build these kinds of things might be more motivated by the prospect of big, fat bounty on their weaselly little heads than other folks might be moved by a reward in exchange for stopping said weasels. Could make the problem worse. That's why I say the only safe recourse is shoot-on-sight.
Why doesn't Microsoft pay a $250K reward to its own programmers who discover and close vulnerabilities within MS software?
It would probably have a better net effect.
Microsoft doesn't make money by fixing bugs. They make money by selling new whizbang features. I think these virus bounties are mostly PR, but after a few haXor d3wdz fink out their buddies, the bounties will have created a nice deterrent. Note that this does NOT mean Microsoft software will be more secure! It just means that the truly evil or "professional" hackers will keep security holes to themselves (like Microsoft's NSA_KEY cryptography backdoor).
Why doesn't the Department of Homeland Security fine Microsoft $250k and use it to pay for the US-CERT virus alert system?
Compromise:
$200k dead
$50k alive.
Same outlay.
Joe - you may have been being facetious, but schemes like that have been tried. The problem is that they create an incentive for programmers to create bugs in their programs so they can "find" them later and claim the bounty. Assuming, of course, that an MS programmer is smart enough to know whether or not he's creating a security hole.
More seriously, Joel Spolsky (of joelonsoftware.com) has written a bit on the Microsoft practice of having an individual programmer "own" certain code or functionality. It's usually portrayed as a good thing, but I wonder if it doesn't have negative implications in terms of getting more eyeballs on a given piece of code.
>is there any evidence that such cyber-bounties produce positive results?