I've spent too much time recently in sessions with talented technical people who already have more than enough on their plates to have to worry about trolls. For those of you lucky enough not to have had to deal with them, trolls are social media-enabled nobodies who spend their days making trouble online for legitimate businesses. They write strident screeds filled with empty assertions about alleged system flaws and security holes and threaten to "publish" these mostly misleading and always provocative commentaries if their "concerns" and comments aren't immediately addressed. Say, with cash. I wish that having to deal with this Internet pond scum was just my own misfortune, but the problem is growing and there's a real concern here, especially for startups, which don't have the luxury of dedicated resources devoted to breach and security issues.
The issue isn't so much about the alleged flaws and security issues that these trolls and fake "researchers" report or threaten to publish (using click-happy and equally craven "reporters"); it's because (a) they burn tremendous amounts of what could otherwise be productive time on the part of your technical people and (b) they specifically target those techies who are the brightest yet most naïve, who tend to be the most committed and the thinnest-skinned, not to mention the most conscientious and diligent members of your team. These attributes may make them great coders and developers, but they absolutely make them the worst possible people to deal with trolls. They mistakenly think it's a fair contest; and then they take every criticism and complaint about their work to heart and much too personally.
Sadly, your tech naïfs think that if they can simply explain things properly to the trolls everything will be better, and the problems will go away. This is a lot like hoping that the hungry lion won't eat you because you're a vegetarian. There really isn't a polite or politically correct way to say this but there simply are NO good trolls. Not a one. The thought that you can engage with the good trolls--or that you can even figure out who those might be-- is basically and badly deluded.
Trolls are fundamentally damaged people who can't help themselves, like the scorpion that stings the turtle that carried him safely across the river. Why did he do it? Because it's the scorpion's nature, so what else would you expect. These guys have no one's best interests in mind other than their own. And it's not totally clear that they even know what their own motives might be, since this is no way for even asocial morons to spend most of the waking hours in their sad little lives. Nitpicking and scab scratching - day in and day out - for no good reason and to no good end.
I admit that it can be a little confusing because some of these people can actually carry on what appears to be an intermittently rational (albeit usually anonymous) email or text conversation - or a Twitter storm - for periods of time until the "crazy" breaks through, their Mom calls them for dinner, or the tin foil hats come back out. You have to wonder why the ones of a certain age don't have day jobs that might actually give them a chance (and pay them) to employ some of their skills and analytical abilities in a productive - rather than abusive and erratic - fashion. But their distorted world doesn't work that way.
When you deal with them repeatedly you discover pretty quickly that in most cases (forget the real crooks and the ransom assholes) you actually can't pay them to come to work for you or to go away. It could be as simple as the fact that many of these people couldn't function in a business environment, don't know how to conduct themselves in polite company, or have just spent too much time alone in their basements talking to themselves and their pet whatevers. Needless to say, these aren't your typical dog and cat owners. They're much more likely to keep a couple of snakes and random rodents around their place. Making your tech people miserable seems to be what they do for fun.
So, I'd propose a couple of simple ideas that will help save you a lot of time and money and also help you curb the good-natured and well-intentioned, but foolish and dangerous, instincts of your tech people. Give them my five little rules.
1) If you assume the worst motives possible, you'll almost always be right.
2) Send all the trolls to Tom (or Biff or Bev) so he/she's the only one wasting his time.
3) Don't explain, don't complain, don't share, and don't commit to do anything. It's a slippery slope and an endless deluge of demands.
4) Threats and deadlines are a dime a dozen--don't be bullied or bluffed into doing something dumb.
5) Fast fixes and shortcut solutions always screw something else up.
Save yourself all the headaches and the heartaches by not getting started in the first place. There's no upside to wrestling with a pig --you get dirty and the pig enjoys it. You've got much better things to do and the pig has nothing but time. Trying to get a fair shake from a troll is like trying to find the clean end of a shit stick.