The truth is that almost all security holes are found by 3rd party security researchers. We want the good guys to be the ones finding the bugs, not the nefarious. Imagine a terrorist with the ability to control the brakes on 1.4 million vehicles remotely. This would be a bad thing.
In the software world, security researchers get a few things from finding bugs. They are often tied to anti-virus/anti-malware companies. Some vendors offer a bounty for finding bugs. In other words, if you hack a system, the people that wrote that system pay you money. Other research houses are in colleges, and they get fodder for their doctoral theses or get their name out to the kinds of folks that hire a security researcher.
So Pogue’s “Don’t worry the sky is not falling” tone is a bit misguided. Yes, you don’t need to live in fear, but these are potentially DEADLY hacks and need to be taken seriously.
- Tech Sully