top | item 11564895

kenperkins | 9 years ago

People who find vulnerabilities purely for the bounty seem to fit the classical definition of Bounty Hunters or Mercenaries. Certainly not researchers. They're not in it for the academic benefit or advancing the state of the art. They're in it for the cash.

2trill2spill|9 years ago

So you're saying someone who does security research but does not get paid is a researcher, but if someone else does the same research but they get paid they're not a researcher?

So what if a security researcher is paid for their work? We don't say Lawyers are not Lawyers because they're being paid and not doing work pro bono.

Remember, security research takes lots of time, skill and hardware; they should be paid to do their work.

sqeaky|9 years ago

A person can do research on a salary. Demanding money because you found a 0-day in their software is scarily similar to blackmail.

There is plenty of room between blackmail and research. A professional researcher can draw a paycheck and release exploits as found.

wildmusings|9 years ago

What? So unlike every other profession, you're not a real infosec researcher unless you're not in it for the money? Just about everyone does their job for the money. Are we all mercenaries too?

sgift|9 years ago

Last time I checked, our society tells us that striving for money is the way to go, so why should researchers be held to different standards? If you don't like the game, change the rules - don't blame the players.

tptacek|9 years ago

This is a weird kind of ownership you've taken over the word "researcher". There are all sorts of people traditionally described as researchers, and many of them are private and for-profit.

dogma1138|9 years ago

So researchers that build weapons aren't researchers?