Half a croissant, on a plate, with a sign in front of it saying '50c'

h a l f b a k e r y

RIFHMAO
(Rolling in flour, halfbaking my ass off)

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:

pass:
register,

...
Sixth Sense Eraser
Special credit cards for pentesters
System Introduction
Time-Locked Data Chip
timed data safety
toddler mode
USB Drive Lock
We will not sue or swat you for responsible disclosure clause
wolf wolf

computer:security

... authentication
... captcha
... firewall
... password

We will not sue or swat you for responsible disclosure clause

(+3)

[vote for,
against]

To encourage security researchers to not be afraid of disclosing their finding, there should be a registry or a standardised clause that businesses can sign up to or register.

This will have a contractual clause that a security researcher who have conducted all reasonable efforts to disclose the vulnerability will not in anyway be attacked by the company in question for disclosing the vulnerability. (e.g. via sending the FBI to raid the security researcher.)

—	mofosyne, May 28 2016

Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid https://bbs.boingbo...med-dawn-raid/78750
[mofosyne, May 28 2016]

[link]

Why would someone believe an arbitrary company would keep this promise?

—	Voice, May 29 2016

Is "security researcher" really a thing, or is this some kind of sanitised language for "hacker" (of whichever hat colour)?

—	Custardguts, May 29 2016

[annotate]

back: main index

business computer culture fashion food halfbakery home other product public science sport vehicle