halfbakery: Where life irritates science.
To encourage security researchers to not be afraid of disclosing their findings, there should be a registry or a standardised clause that businesses can sign up to or register.
This will have a contractual clause that a security researcher who has conducted all reasonable efforts to disclose the vulnerability will not in any way be attacked by the company in question for disclosing the vulnerability. (e.g. via sending the FBI to raid the security researcher.)
Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid
https://bbs.boingbo...med-dawn-raid/78750 [mofosyne, May 28 2016]
Why would someone believe an arbitrary company would keep this promise?
Is "security researcher" really a thing, or is this some kind of sanitised language for "hacker" (of whichever hat colour)?