Microsoft Picks New Song for Hacker Slow Dance

 
 
By Ryan Naraine  |  Posted 2008-04-21

Microsoft has chosen a new song to continue its public slow dance with the white hat hacking community: online properties like *.microsoft.com, *.msn.com and *.live.com.

According to Dan Goodin reporting from Toorcon Seattle, Microsoft security strategist Katie Moussouris pledged that the software vendor will not sue or press charges against ethical hackers who responsibly find--and report--vulnerabilities in its online services.

The embrace of the hackers is not entirely new--Microsoft has been addressing this issue in hacker forums--but the public offer of immunity for hackers who hunt for holes in its Web properties is seen as significant.

In a nutshell, it's not legal to hack into Web sites--see this post by Veracode's Chris Wysopal--and many SaaS (software as a service) companies frown on attempts to attack their servers with impunity.

But, as Microsoft's Moussouris points out, companies should be thankful when researchers help pinpoint weaknesses in online systems.

"The philosophy here is if someone is being nice enough to point out your fly is down, they're really doing you a favor and you should thank them rather than calling the cops and saying you're a pervert."

Microsoft has set up a special Web site to acknowledge and thank hackers who report online vulnerabilities. Since July 2007, 48 hackers have been credited with finding Web site bugs.

* Photo credit: jem (Creative Commons 2.0)

 
 
 
 