
Bug hunters face online-apps dilemma

"Web applications pose a dilemma for bug hunters: how to test the
security without going to jail? If hackers probe traditional software
such as Windows or Word, they can do so on their own PCs. That isn’t
true for Web applications, which run on servers operated by others.
Testing the security there is likely illegal and could lead to
prosecution.

"There are more legal dangers to testing an application that is hosted
on somebody else’s system. That is a real challenge of this new
application model," said Wendy Seltzer, an assistant professor
specialized in Internet law at New York’s Brooklyn Law School.

As a consequence of the legal threat, well-intended
"white-hat" hackers often credited with finding bugs in traditional
software are hesitant to audit Web applications. This means that online
applications don’t face the same scrutiny as traditional software and
serious security holes could be left for unscrupulous criminal hackers
to find them."

Article Link http://news.com.com/Bug+hunters+face+online-apps+dilemma…