
04/22/08 02:00 AM

Microsoft Opens the Doors for Ethical Hackers.

Posted by Tim Donaworth

At the ToorCon conference in Seattle this past Saturday, Microsoft announced it would allow ethical hackers to test and probe its services.

In a first for a major company, Microsoft has publicly pledged not to sue or press charges against ethical hackers who responsibly find security flaws in its online services.

I personally think this is great news, and wish more large companies would do the same. Far too often, valid security holes are found and not reported for fear of repercussions, and those same holes are then exploited by real hackers for their own personal gain. We need a community more open to the fact that there are good guys out here who are trying to help.

Luckily it seems I’m not the only one with these views.

Katie Moussouris, a Microsoft security strategist, said she is pushing to get a provision added to a proposed standard that’s making its way through the International Organization for Standardization that would protect ethical hackers who responsibly disclose vulnerabilities in other companies’ websites. “If I get my way, it’ll be in there,” she said.