Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Where life irritates science.

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


       

We will not sue or swat you for responsible disclosure clause

  (+3)
(+3)
  [vote for,
against]

To encourage security researchers to not be afraid of disclosing their finding, there should be a registry or a standardised clause that businesses can sign up to or register.

This will have a contractual clause that a security researcher who have conducted all reasonable efforts to disclose the vulnerability will not in anyway be attacked by the company in question for disclosing the vulnerability. (e.g. via sending the FBI to raid the security researcher.)

mofosyne, May 28 2016

Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid https://bbs.boingbo...med-dawn-raid/78750
[mofosyne, May 28 2016]

[link]






       Why would someone believe an arbitrary company would keep this promise?
Voice, May 29 2016
  

       Is "security researcher" really a thing, or is this some kind of sanitised language for "hacker" (of whichever hat colour)?
Custardguts, May 29 2016
  
      
[annotate]
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle