Security Decision's Poll

Lately, from what I know, security admin's aren't so "willing" so to speak as to let hackers who find holes and patch them have a job. Instead, many are taking the initiative and filing a court order or throwing a jail term at them. Being a network admin for me, I would choose to offer them a job or thank them in anyway. My question is, what would you do, Offer Job/Reward or File Lawsuit/Report them? I'm just curious and I'm doing a study for school. Thank you for any responses or feedback I get.

That is a great question. My answer would be an obvious: Offer Job/Reward. I believe that in finding it, they were smart and helpful at the same time. Offering a job would be a smart move for the company anyways, since this guy was obviously smart enough to find the bug and exploit it. I would also be happy with the fact that he didn't share it with people (hopefully) and reported it to me. So, that's my answer. -- Jason Copeland

that would really depend on the nature of the attack.

if some one broke in and went for financial records or sensitive material, id have no choice but to call the cops.

if someone found a hole, did no damage and told me id have no choice but to thank them.

If the web site was defaced it would depend on how visible it was to every one. if the whole world knew id be in a position where id have to cover my ass and act on them criminally if possible. if i caught it right away and i could fix it without anyone seeing it id just keep my mouth shut.

i would never hire anyone that could potentially embarrass me and put my lively hood in jeopardy. id have to be nuts.