Profiting from software bugs continues:
Right. I think the current legal definition of insider trading involves only people inside a company whose stock is being traded, or maybe it includes people in a company about to buy another company or similar deal. But to me, an insider is someone who knows something the general public does not. Making book, er, stock trades on that knowledge, especially when it is harmful and vital knowledge, and you’ve taken steps to keep it that way until you profit, seems like it ought to be illegal. It’s at least heinous in this case.
So how to compensate a hacker who finds a bug? I think I agree that this particular effort seems unethical, although I’m a little concerned that I’m applying an engineering ethical system to a private sector transaction, but it seems proper to do so since we’re basically talking about engineering, even if it’s enabled by the private sector’s funding.
