LET US NOW PRAISE HOMELAND SECURITY OFFICIALS WHO HAVE A CLUE:
LAS VEGAS (AP) – A presidential advisor encouraged the nation’s top computer security professionals and hackers Wednesday to try to break computer programs, but said they might need protection from the legal wrath of software makers.
Richard Clarke, President Bush ( news – web sites)’s computer security advisor, told hackers at the Black Hat conference that most security holes in software are not found by the software maker.
“Some of us, here in this room, have an obligation to find the vulnerabilities,” Clarke said.
Clarke said the hackers should be responsible about reporting the programming mistakes. A hacker should contact the software maker first, he said, then go to the government if the software maker doesn’t respond soon. . . .
Companies differ in their response to independent researchers. While some encourage or even reward bug-hunters, others are more concerned about the possibility of extortion or embarassment to the company. In some instances, they seek civil or criminal charges against the hacker.
Clarke said that situation is “very disappointing,” as long as the hacker acts in good faith.
“If there are legal protections they don’t have that they need, we need to look at that,” he said.
This is, with blinding obviousness, right. Just so long as it isn’t turned into a backdoor for Rep. Howard Berman’s (D-Disney) bill to authorize corporations to hack your computer. That’s not the same thing at all.