Hacking Contests: See No Evil, Hear No Evil

Are 'hacking contests'--events where companies offer prizes to users who can uncover software vulnerabilities--a threat to security? Gartner thinks so. But is it being quick to judge?

May 11, 2007


Can plugging a security vulnerability ever be a bad thing? We'd argue no; others, including Gartner, disagree.

At issue are hacking contests, where a company posts a bounty to encourage people to uncover software vulnerabilities, so they can ultimately be closed. Gartner recently pointed to two hacking contests--a Mac one at CanSecWest and an event that discovered an Apple QuickTime flaw--and said "conducting vulnerability research in a public venue is risky and could lead to mishandling or treating too lightly these vulnerabilities."

As someone who has participated in such contests, I disagree. When a vulnerability is found and publicly announced, what's the downside? The hole is there regardless--indeed, the event uncovers it. How is this more dangerous than not running the contest and hoping the bad guys wouldn't have found it first? --Jordan Wiens
