Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Busting the Worm Writers

Nov 24, 2003 6:50PM PST
Opinion Microsoft deserves praise for offering a cash reward to catch people who criminally exploit their bugs, argues SecurityFocus columnist Tim Mullen.

The Microsoft bounty is almost old news, but I could not let the subject slip by without throwing in my two cents worth.

For the cave dwellers out there, let me summarize: Microsoft, the US Secret Service, the FBI and Interpol announced the creation of a special fund to provide reward money to aid in the conviction of worm writers. Of an initial infusion of five million dollars, $250,000 per worm has been assigned as bounty to whoever finks out the authors of MSBlast and SoBig.

Offering a cash reward to capture criminals is a good idea. Does a reward work in every case? Of course not, nothing does. But it is part of an overall strategy-- a strategy in depth. That's what bugs me about the criticism: people take it as a single action, as if it is the only thing Microsoft is doing about security. The truth is that Microsoft really is making great progress in the security of their products, while at the same time trying to make those products "idiot proof" which is indeed a difficult thing to do.

Internet security is not a Microsoft problem. It is not a Linux problem. It is a people problem. Rather than making individual criticisms of perceived failure, I think we are better served to work together and celebrate our successes.

http://www.theregister.co.uk/content/56/34176.html

Discussion is locked