Informing a Company of a Security Discovery?
11-04-2006, 02:20 AM
TimSchroeder
Admin/Owner

An anonymous reader asks: "I recently found a major security flaw through serendipitous independent research. I do not want to go into details, but it could be used against certain companies and have a large negative financial impact. However, I have no wish to use this for malicious purposes, and would rather profit by helping the company fix the problem. Seeing as many researchers have been persecuted/prosecuted lately for public disclosure, what is the best way to go about informing the company and agreeing on an appropriate fee for my services, without having it look as though I am trying to extort them?"


11-04-2006, 02:50 PM Re: Informing a Company of a Security Discovery?
vangogh
Post Impressionist

Name: Steven Bradley
Sadly, it's such a touchy issue. While you may be honestly trying to help a company by informing them of the holes in their security, there's just as much chance of them accusing you of hacking into their system and alerting the authorities.

It's sad because the word hacker is now associated with crime instead of with intellectual curiosity and creative problem solving, which is more in line with what the word really means.

I know if someone alerted me to a flaw in my site that could potentially lead to something malicious, I would thank the person who let me know and ask if they could help me fix the hole. It's a shame that many companies would take the opposite stance.