back to article Infosec big names rally against US voting app maker's bid to outlaw unsanctioned bug hunting via T&Cs

About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug hunters can look for code flaws. Earlier this month, Massachusetts-based Voatz filed an amicus brief in Van Buren v. United States, a case being heard by the US Supreme Court that …

  1. sanmigueelbeer Silver badge

    it will mean companies can decide for themselves

    Translation: The company is too busy counting the money rolling in they can't-and-won't fix the vulnerabilities.

    Look at it this way, if Donald loses this election, he can use this as a leverage for the recounting of the votes.

    1. DS999

      If he loses, recounting won't change the outcome, he just wants that for show. He needs to throw up a lot of mud so that if he loses he can claim the election was stolen from him - the same scam he was setting up prior to the 2016 election when he was expecting to lose.

      He'll get a regular show on Fox News next year where he'll whine and bluster and continue dragging the republican party down the drain with him, until all the investigations that he's no longer able to stop get the goods on him and he's exposed for the giant fraud he always has been.

      Only after he's disgraced can the republican party purge his enablers and quit trying to be the party of the angry white man. If they continue down that path into the 2024 election, they will become the Whig party of the 21st century and some new party will spring up to replace them.

      1. Pascal Monett Silver badge

        And about damn time too.

      2. Clunking Fist Bronze badge

        "He'll get a regular show on Fox News next year where he'll whine and bluster and continue dragging the republican party down the drain with him, until all the investigations that he's no longer able to stop get the goods on him and he's exposed for the giant fraud he always has been."

        Steady on: readers will see through your thinly veiled smear of Hillary Clinton by referring to her as "he/him/his" and using Fox instead of MSNBC!

  2. chuckufarley

    Free your mind...

    ...And the world will follow. This is a classic case of tunnel vision.

    If Democracy fails in U.S. it means Civil War II and since the U.S. spends such a large percentage of it's money on weapons it would be a catastrophic civil war. There is no way to fight drones equipped with Hellfire missiles when the best weapons your side can muster are small arms. You cannot defeat a tank battalion with a few dozen AR-15's and Winchester 270's. If the military splits into faction like in the first Civil War there will be more than two sides this time around and their resources would be heavily fragmented. So we would have some people with planes and tanks, others with tanks and ships, and still others with nothing but a few nukes. Complex lifeforms on Earth could not survive such a war.

    Anyone who can bother themselves to think about this stuff for a few minutes will come to the same conclusion: Democracy has become Too Big To Fail.

    So if security researchers are finding bugs that threaten Democracy they shouldn't be made into outlaws but lauded as heroes. If a company manufacturing technology vital to the Democratic Process cannot tell the difference between Democracy and Capitalism they should be replaced before the harm they can induce out paces their imaginations.

    1. DryBones

      Re: Free your mind...

      You most certainly can, just not on the tank batallion's timetable. You appear to have forgotten that almost every single guerrilla / asymmetric war that the US military has taken part in, it has lost.

      You have gents locked in cans with limited resources, versus those that are unconstrained in how they approach the situation. Got out to use the loo? Oh, that's two down already. Oh, got out to go sleep? That's more. Slept in the tank? Shame about the flammables or the poison gas or the other fun things that happened. You thought they were air-tight? Naaaah....

      In short, most of your post was puffery, and the rest misses the real point. Yet another company is trying to conceal how shit their product is, likely lying about the actual events. Real attackers aren't going to give a shit about whether they've hurt this company's feelings or not, so here's hoping they get completely creamed by the courts.

    2. cbars Silver badge

      Re: Free your mind...

      What? Oh, you mean the second North American Civil War... Yes, let's go from IT security disclosure straight to nuclear factions.

  3. Thomas PinkOne

    By all means make it illegal to find security holes

    That will gift a monopoly on security research to ... criminals.

    Vulnerability notifications will then come in the form of your entire business collapsing catastrophically without warning resulting in class action suits against you and possibly jail terms. But at least you'll have saved a few $ on not having to write or test secure code.

    1. Anonymous Coward
      Anonymous Coward

      Re: By all means make it illegal to find security holes

      ... with one of the main points in the class action suits being "you wouldn't allow security testing from outside individuals".

  4. Pascal Monett Silver badge
    FAIL

    "The University of Michigan student was not a participant in our bug bounty program"

    And that counts for what ? Is there a legal requirement to have to sign up in the program before testing for vulnerabilities ?

    No there is not. And, like it or not, your product will come under the attention of state actors that have much more experience under their belt.

    You are not running a controlled ship. You have a product out there, and it will be under attack.

    You are supposed to welcome investigation by people who are trying to help, because smothering them is only going to leave the door wide open to people who have no intention of telling you what you missed.

  5. Anonymous Coward
    Anonymous Coward

    >it will mean companies can decide for themselves...what constitutes criminal behavior with regard to vulnerability research and other online interactions

    This point alone is worrying/dumb enough alone.

  6. You aint sin me, roit Silver badge
    Holmes

    What's that phrase about gun control?

    "If you outlaw vulnerability testing the only people testing for vulnerabilities will be outlaws."

  7. Anonymous Coward
    Anonymous Coward

    Starting a company

    Making my own rules, so we can sue everyone.

    Anyone that Emails us in any format besides plain text - is criminal hacking

    Anyone that pings our firewall, without permission - is criminal hacking

    Anyone,,,, well this list is going to get really really long, and I don't want you to know what I consider criminal, so that I can sue you,

    so, yeah, get rich quick scam - plan # 60832b

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020