IDG Contributor Network: Security extortion? When legit disclosure morphs into a shakedown
The essence of security is not trusting that people will do the right thing. Firewalls, deadbolts and armed guards exist to slow down or stop bad guys, not to encourage good acts from good guys. With that in mind, let’s look at how companies today handle security holes and ask ourselves if this, alone, isn’t proof that humans are crazy.
Companies beg people who find security holes — whether they are cyberthieves, security researchers, journalists or rank-and-file end users — to report them to the company itself. Looked at from a moral, altruistic perspective, this makes sense, assuming the intent is to plug the security hole rather than encourage the population to exploit it.