Data security officers keep their eyes open for risks. Usually this means monitoring reports from automated security systems that flag potential security events and listening to employees’ reports of security issues. There is a great deal of debate, however, about the merits of listening to the security concerns of people outside of an organization. On one end of the spectrum companies refuse to discuss any aspect of their security with the public. On the other end of the spectrum companies proactively encourage the public to report security vulnerabilities by paying well meaning hackers (usually called “white hat” hackers) to report problems . . .