
Fewer people need to know about the program in general

. . . except for the outsider who mailed them about it and got paid a chunk of money as a result.




Not to mention, the outsider is a complete unknown. Are they an upstanding white hat? Or are they the darkest of greys? You have no idea.

At least an internal employee is on your payroll, and has been screened with a background check. You don't get to screen which people get to discover vulnerabilities.


This person would just be reporting an exploit and getting paid for it.

They would not know about the program which takes that exploit and then gives it to the NSA.


And why would a programmer know it was for the NSA? Just tell your underling, "We need a backdoor for <Plausible reason>"



