Fix the problem, not just point at it – thoughts on the “bug hunting” initiatives etc.


I have been thinking a lot about the fact that pentesting, source code reviews and all those other security assurance processes only point out the problem. Fixing the discovered application security issue, however, is the prerogative of the developers, who unfortunately are still lacking security expertise. Bug hunters and zero-day discoverers have long been rewarded for their work, and the fame and cachet are attracting more and more people in that direction. Fixing the security issues, on the other hand, is sometimes not such a simple process, and the lack of security expertise complicates the situation even further. So basically we are ending up with a constantly rising pile of CVE reports and a choking development industry trying to catch up… Why do the companies with open source products out there not give back to the open source community and spare some cachet and fame boards to reward the people that are actually fixing things? In the end I think those are the heroes (if they do a proper job and are not giving us more bugs 😉).
