Gartner: Hacking contests bad for business

A pair of Gartner analysts Tuesday denounced a recent hack challenge that uncovered a still-unpatched QuickTime bug, calling it "a risky endeavor" and urging sponsors to reconsider such public contests.

The research manager of TippingPoint, the company that paid $10,000 for the QuickTime vulnerability and its associated exploit, rebutted by saying that at no time was there any danger of the vulnerability escaping from responsible parties.

"Public vulnerability research and 'hacking contests' are risky endeavors and can run contrary to responsible disclosure practices, whereby vendors are given an opportunity to develop patches or remediation before any public announcements," said analysts Rich Mogull and Greg Young in a research note published by Gartner on Monday.

Full InfoWorld story.

Certainly starts to blur the lines between the good guys, the bad and "responsible disclosure". How long before company A puts a bounty on "security research" of company B - their competitor?