Uhh won’t that discourage zero day reports?
Worse. It encourages selling them to the black market instead.
The illicit market for newly discovered security vulnerabilities generally pays pretty well, especially if you can demonstrate implementation. The only reason it’s not a much bigger problem is that most security researchers have some moral compunctions and the professional desire to fix problems, not proliferate them.
If the companies basically tell the security researchers to pound sand, that encourages making a living elsewhere.
This is why the ISS exists BTW. It was a jobs program for ex-Soviet rocket scientists since by definition they’re all weapons specialists who just happen to be launching satellites instead of nukes.
These days there’s so much slop in the world that 0day reports end up being worthless. The idea is sound, but far too many people are abusing the system and so they’re not worth having anymore.
The report is only because there’s a 0-day sploit. It’s not like some cogsucker can make it up and get paid.
Okay so we’ll have to have a neutral third-party confirm them, but really that will have to happen now anyway since no one will trust AMD to pay their promises.
If you say so. Meanwhile, for anyone who finds them and doesn’t have any morals, the US government will pay you up to a few million dollars depending on how valuable the zero-day is.