“The actions of world governments to buy these things has made it more likely that hackers will sell vulnerabilities and we will all remain vulnerable,” said Bruce Schneier, a fellow at Harvard Law School’s Berkman Center for Internet and Society.

Discovering such weaknesses isn’t easy, even for companies that design software. That’s largely because “when computer science majors in schools are taught code, they are not taught about security vulnerabilities,” said Lillian Ablon, who co-authored the Rand study.

Until that changes, many experts believe, hiring hackers to find the flaws makes sense.

via Silicon Valley companies paying hackers ‘bounties’ to find their flaws before crooks do – San Jose Mercury News.