Discussion on:

Message 13 of 1
@Rick_R

Only a fool would threaten. Maybe we need to set up a vulnerabilities exchange and allow the vulnerability to be sold to the highest bidder. I realize that there may be practical difficulties in making this work, but I believe it is doable.

The owner of the SW containing the vulnerability would presumably not dare not to be the highest bidder for a vulnerability of any consequence. If no bid is made the vulnerability is made public. Descriptions during the bidding process would have to be sufficiently detailed for a bidder to estimate the value of both the vulnerability itself if exploited (however he chooses, some of which would carry risks by virtue of being illegal) as well as the cost of trying to uncover it independently, without assisting in that discovery in any meaningful way.

Individual researchers would quickly develop a reputation in this exchange regarding the quality, and hence the value, of their research. Once in a while a dud might be sold for an inflated price, but that is no different than in any other market. If researchers had a way to sell their work, the quality and quantity of that work would also improve, leading to better SW and a more safe and secure internet.