How Do You Fix A Leaky Net

from the certainly-not-the-way-it's-being-done-now dept

A good look at some cases and some of the major legal issues concerning people who find security holes in software and alert companies (or others) about those holes. The article mainly focuses on the Brian West story. If you haven't been following it, he found a security hole, went in, downloaded some files to verify the hold (his claim), notified the site, and was promptly arrested. Some people claim he went too far in downloading the files, and thus "exploited" the hole and broke the law. The article also talks about the issue of publishing a security hole before it's been fixed. There are a lot of good issues discussed that the legal system really needs to come up with answers to.