WHEN computer security consultant Charlie Miller found a bug in the open-source software program Samba, he tried to sell it to the security firms or agencies who stood to lose out if hackers exploited the weakness. Trouble was, Miller found he had no idea how much it was worth.
As a result he had no way of knowing if he was being offered a fair price for the bug, which could potentially allow malicious hackers to attack any computer running Samba. He was also wary of handing over the information to potential buyers before a sale was agreed, with nothing…
