An attempt to offer a legitimate outlet for hackers who want to earn an honest crustHere is a dilemma. Suppose you are a computer hacker and you discover a bug in a piece of software that, if it were known to the bad guys, would enable them to steal money or even a person’s identity. It would be a feather in your cap. But feathers do not pay the rent. So how might you sell your discovery for the highest price? Asking for cash from the company that sold the buggy software in the first place sounds a bit like blackmail. The implicit threat is that if the firm does not stump up, the knowledge might end up in disreputable hands. But, in truth, it is mainly that possibility which gives the bug value in the first place. What, then, is a fair price, and who is to negotiate it?
http://economist.com/science/displaystory.cfm?story_id=9507422