Brilliant: Tech Giants Start Security Bug Bounty Programs
Quick analogy: Windows is to your computer what OpenSSL, OpenSSH, BIND, and other open-source packages are to the Internet as a whole.
Your computer runs on Windows, while web apps, servers, e-commerce sites, and pretty much the entire Internet run on these collections of open-source code. But while Microsoft, as the owner and vendor of Windows, is responsible for patching security bugs in the consumer operating system, who is responsible for finding and fixing security bugs in these widely used, free, open-source packages?
Open Source: By Everyone, For Everyone
The beauty of open-source code is that anyone can use it, anyone can modify it, and anyone can benefit from it. But with no central vendor behind it, what company is going to be willing to pour its own resources into finding and patching security bugs, especially when there are so many other companies that are motivated to do it?
It's classic diffusion of responsibility: leave it to somebody else. And while the altruistic motive of making the Internet a better place may suffice in the early stages of a project, companies eventually have to report to shareholders, and internal software gets the nod over open-source coding.
The Bug Bounty Program
To ensure that everyone is chipping in, and to stave off diffusion of responsibility issues, Microsoft and Facebook sponsored a bounty program, and they are joined by researchers at Google, security firm iSec Partners, and craft e-commerce website Etsy, reports Ars Technica.
The bounty program will, in some instances, pay more than $5,000 per vulnerability. The bugs must affect software that is used by multiple companies, must have potentially severe consequences for the general public, and must affect a wide variety of users.
Researchers will then conduct triage, coordinating disclosures to affected companies and planning repairs.
The program isn't the first of its kind -- Google, last month, offered bounties for open-source bugs, and a number of companies reward individuals who find vulnerabilities in their own software. This program, however, bands together multiple companies, to address the Internet as a whole.
And while this may not directly help your mom-and-pop shop, or your solo attorney in Yolo County, security enhancements to the common code of the Internet mean less chance of a website hack or a client data leak.