"all the while can sell their most impressive findings to botnet builders on the underground."
Great reputation builder, there.
I think the point of the conference talk "No more bugs for free" was to encourage software developers that they should work with vulnerability researchers instead of vilifying them or encouraging selling a vulnerability on the underground.
Yes it's true that vulnerability disclosure can have a positive externality of credibility which "may" lead to a job; however, there are plenty of very important vulnerabilities which go unpatched in large part because credibility is often not worth enough to even bother.
"hmmm. make $20/hour or report a vulnerability which may or may not benefit my career. Tough choice." (sarcasm)
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
