Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+

HR practice

Idappcom warns `pay-for-bugs’ approach by ITsec vendors sends out the wrong message

by Personnel Today 12 Nov 2010
by Personnel Today 12 Nov 2010

Reports that Barracuda Networks is offering in excess of $3,000 for details of serious bugs in its IT security products is the latest stage in a worrying new trend, says vulnerability and testing security specialist Idappcom.

Anthony Haywood, Idappcom’s  CTO, says that even though Barracuda is billing the bug bounty scheme as in the best interests of customer, there is a significant danger that it will attract developers into researching the vendor’s products and then offering them to the highest bidder.

“And, of course, if the bug is a really serious one that cybercriminals can exploit to generate fraudulent revenue, there is a significant danger of the exploit information falling into the dark ecosystem that black hat hackers – as well as cybercriminals – now inhabit,” he said.

“Whilst even organisations like Google and Mozilla offer juicy sums of money for bugs in their software, you are going to get other vendors following suit. But just because it is becoming the norm for the IT industry, does not make it in the long-term interests of our market sector,” he added.

The Idappcom CTO went on to say that the bug bounty schemes offered by a growing number of IT players has parallels in the `litigate for free’ industry that has sprung up on both side of the Atlantic’s legal industry over the last decade or so.

The law firms, he says, argue that their litigate-for-free service is really in the best interests of the consumer, but the problem is that a while new industry has been created, that has ended up pushing insurance premiums up for most businesses.

Someone, somewhere, has to pay for these types of services, and, Haywood observes, the same conclusions apply to the bug bounty programs offered by IT vendors.

The irony of the situation, he explained, is that, as well as paying indirectly for the bug bounty schemes, end users of IT security systems, software and services also end up `paying’ as the tide of malware and other electronic mayhem rises as a result.

“This is a cause and effect situation. No one really wins in the longer term from bug bounty programs. And that’s why we say that they are not in the real interests of our industry,” said Haywood.

“In the short term they make a good story – and perhaps even a good event like CanSecWest’s Pwn2Own cracking contest in North America – but the bottom line is that it’s not in our industry’s best interests to offer such large sums of money. For that reason we give a definite thumbs down to such practices,” he added.

For more the latest bug bounty scheme: http://bit.ly/b6wIiF

 

Avatar
Personnel Today

previous post
Alliance Learning has been awarded the Training Quality Standard
next post
CIPD 2010 closing keynote: Performance management a key issue in challenging times

You may also like

Lack of flexibility pushes half of women to...

16 May 2022

Queen’s Speech: Exclusivity contracts for low-paid workers to...

9 May 2022

Are we happy now? New research Sugar-coats working...

6 May 2022

Alan Sugar calls PwC Friday afternoons off a...

6 May 2022

Bank holidays: six things employers need to know

20 Apr 2022

HR in the 21st century: Tracie Sponenberg talks...

1 Apr 2022

Work in the metaverse: what should HR prepare...

1 Apr 2022

How hybrid working boosts recruitment but not retention

18 Mar 2022

How should HR approach sabbatical requests?

21 Feb 2022

Storm Eunice forces millions to work from home

18 Feb 2022
  • Apprenticeships are the solution to your recruitment problems PROMOTED | Apprenticeships have the pulling power...Read more
  • What it really means to be mentally fit PROMOTED | What is mental fitness...Read more
  • How music can help to ease anxiety at work PROMOTED | A lot has happened since March 2020, hasn’t it?...Read more
  • Why now is the time to plug the unhealthy gap PROMOTED | We’ve all heard the term ‘health is wealth’...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2022

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2022 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
    • Advertise
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Equality, diversity and inclusion
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Shared parental leave
    • Redundancy
    • Maternity & Paternity
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
    • OHW Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • XpertHR
    • Learn more
    • Products
    • Pricing
    • Free trial
    • Subscribe
    • XpertHR USA
  • Webinars
  • OHW+