18 December 2005

Freelance bugfinders

In an interesting, er, development in software, someone recently tried to sell on eBay a bug he'd discovered in Excel. This bug would allow a maliciously-crafted spreadsheet to assume control of a Windows computer on which it was opened. The existence of a vulnerability in a Microsoft product is nothing new, of course—but the attempt to sell it is.

Software companies seem to expect their users to provide the valuable service of bug-finding for free, while charging for a product which is not guaranteed to do anything at all. (Ever read a EULA? They typically, in effect, deny that the software is in any way useful.)

Now, bugs do cost the software companies money, mostly in support costs. So those companies should be willing to pay for bug reports. Common, minor bugs ("I can't print to my 1978 IBM line printer from Windows XP!") would garner small payments; more major bugs ("Selecting that checkbox wiped my disk clean and electrocuted my hamster!") would get paid more.

It could create a cottage industry in bug-finding. On the other hand, it might bankrupt certain software companies.

Technorati Tags: ,