Hackers are free to find vulnerabilities in Microsoft's web services, so long as they report them, says Microsoft security strategist.
Software giant Microsoft has publicly vowed not to press charges against so-called ‘ethical hackers’ who find and report flaws in its online services.
"The philosophy here is that if someone is nice enough to point out your fly is down then they're doing you a favour, and you should thank them rather than calling the cops and [calling them] a pervert", said Microsoft security strategist Katie Moussouris at the ToorCon security conference in Seattle.
Microsoft’s move is rare for a major company, and could potentially increase the security of its websites by encouraging ‘independent security researchers’ to go looking for vulnerabilities and alert Microsoft to their existence.
"Don't hate the finder, hate the vulnerability," Moussouris pointed out. "We don't actually want to discourage people who are trying to help us by being iffy about whether or not we're going to go after them."
Ethical hacking is a legal grey area and fear of prosecution makes those who discover vulnerabilities reluctant to report them to the company concerned.
"[Microsoft] is a huge target, obviously," Moussouris acknowledged. "We face a lot of issues that a lot of vendors haven't had to deal with. Not many vendors out there can break the Internet if they mess up their patches."
Further reading:
Perfect crime: The global e-crime underground provides a masterclass in modern business practice.