Well the latest Month of Bugs just kicked off. The question is though, are any of these recent efforts by security researchers making a difference? It doesn’t appear to be so far. By that I mean, no company has come forth with a mea culpa and admitted to producing crap software. The truly bizarre part is that some software vendors try to take the legal hammer to some of these researchers. This crap attitude really blows me away. Shouldn’t they instead be falling over themselves thanking these people who give them tons of time to write up a patch???!!! Let alone think about compensating them for their time spent invested in discovering the bug. What an asinine policy these software vendors have. I really would love to see some legislation introduced by Congress which would start to hold the software vendors "feet to the fire" as it were. What a sad and pathetic state of affairs we have.
Technorati Tags: Responsible disclosure policy, Month of Bugs, Exploit, Software vendor