But couldn't employees already create holes on purpose to sell them?
Most corporate programmers would have no idea who would buy such a thing or what the right price is. Making that market clear and making transactions easy should increase production. That's what every commodities market does. As an example, consider the Chicago Mercantile Exchange, the early history of which is well described here: http://www.amazon.com/The-Merc-Emergence-Financial-Powerhous...
Thanks for the link. Remarkable Amazon overview: "Nor does the author offer any particularly illuminating perspectives...his frequently fawning account of the CME's origins and first 50 years as an arena for commercial hedgers and venturesome speculators amounts to little more than a family album in which forgotten knaves are as fondly and foolishly remembered as hitherto unheralded princes and their lightweight aides. Remarkable mainly for its consistently graceless style"
Ouch. Remind me never to have that guy review any of my books.
I understand what you are saying, and I understand why it's feasible to keep it small, concealed and restrict participants to certain customers. At least early in the game.
What I'm saying is that this state of affairs is temporary at best. Forbes is out with it. There will be many more articles. The prices are already in the 6-figure range. Soon they'll be at seven figures. No matter what we'd like the market to be like, any programmer with Google access should easily be able to determine he could make himself a millionaire just by releasing a vulnerability into the wild. Whether that information is easy to find right now or not is moot. It'll get easier. We're all connected. Supply meets demand. No amount of wishing it weren't so is going to change any of that. Works this way for illegal drugs, will work this way for security vulnerabilities.
I think the question here is whether to shun, outlaw, shame and hide this kind of stuff or to embrace it. In my opinion, we have enough examples that the first choice doesn't work so well, where the second choice benefits the rest of us even if we find the entire affair distasteful.
But I believe the greater point is that there are so many people affected by this hidden market that keeping information from them should be a crime. Yes, I wish that we could live in a world where we could slap a big old Google, Microsoft, Amazon, or Apple logo on something and know that it is safe. But that world doesn't exist and it's never going to exist. Might as well start living in the world we find ourselves in.
Yeah, the book is definitely an in-house history, but it does a fine job of showing how a commodities market emerges and the way it shapes commerce as long as you skim a little.
Illegal drugs is a poor analogy; there are a lot of participants in the market, a lot of small transactions, and it can be a victimless crime. If you are looking to buy a little weed, your friends probably don't care.
A better one is high-end weapons. E.g., missiles. That's a market that's relatively small and obscure, and the prices are high. State actors can get away with trafficking, but individuals run a substantial risk of running across sting operations and other law enforcement activities. Further, as long as the market is widely reviled, random citizens are likely to report suspicious activity.
So long as there's a significant penalty to participating as a seller in this market for those actually writing the software, then I don't see why it can't be public. I don't think it would be a good idea to allow without penalty someone who is writing the software to be cashing in on million+ dollar bonuses for back doors he writes himself, however. That seems analogous to insider trading.
Forfeiture of all money gained as such and a stiff jail sentence should be enough to discourage any but those who are already doing this without public knowledge of the market.
The more recent book _The Futures_ covers the same subject and has most of the same flaws, excepting perhaps that it takes a more measured tone about the schemers who rigged the early commodity markets.