
Microsoft Won't Sue Over Legitimate Flaw Discovery



David Utter
Staff Writer
2008-04-21



Security researchers do not want to end up being arrested or sued for pointing out problems on a website, and Microsoft would rather know the awful truth than prosecute.


If Microsoft's web properties are being a little indiscreet, the company would rather know about the problem. It's a nice way of getting security researchers to do a little of Microsoft's work for it.

The Register cited a Microsoft representative's views on the topic of ethical hackers finding and reporting flaws they discover on websites. Prosecutions have happened elsewhere when a well-meaning researcher drops a company a note about a problem, only to be rewarded with lawsuits or jail.

At Microsoft, they prefer to find out when there is a problem, the report noted:

"This is actually really important because online services - that's our stuff," Microsoft security strategist Katie Moussouris told several hundred researchers. "The philosophy here is if someone is being nice enough to point out your fly is down, they're really doing you a favor and you should thank them rather than calling the cops and saying you're a pervert."

Though we haven't heard of anyone being arrested for pointing out the, um, barn door is open, it's nice to know Microsoft is watching out for undone zippers and encouraging others to do the same, from a security standpoint.

Attempting to prosecute people who discover these problems with an interest in bringing them to the attention of the site publisher never made much sense. If someone's running Metasploit 24/7 trying to crack a site and gets caught, that's a different issue.

Some of these prosecutions, we'll suggest, happened out of corporate embarrassment. Persons responsible for the technology in question shove the blame onto the "evil hacker" for discovering a flaw, in order to safeguard their jobs.

We hope, of course, that Microsoft won't turn any engineers into Soylent Green if some security pro points out a problem with a Microsoft web property. That would be counter-productive.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
