Freelance Word Punk

[THIS SITE IS NO LONGER BEING UPDATED - IF YOU HAVE ENDED UP HERE YOU ARE IN THE WRONG PLACE, PLEASE CLICK WWW.HAPPYGEEK.COM TO VIEW NEW CONTENT BY DAVEY WINDER]

Friday, October 02, 2015

Is responsible disclosure responsible enough?

A Jeep taken over from 10 miles away via its in-car entertainment system in the summer, and just this week news breaking of critical medical devices being 'owned' by botnet operators. Vulnerabilities in your web browser are one thing, but when they are in your car or an MRI scanner the potential impact takes on a different hue. As, indeed, does the small matter of how the security researchers who most often uncover the coding flaws disclose them. New research from AlienVault reveals that 64 percent of security professionals think that when security researchers disclosing a vulnerability with 'life-threatening implications' get no response from vendors, the vulnerability should be made public. Some 19 percent of the 650 IT security pros questioned at Black Hat in Las Vegas earlier in the year went as far as to say the vulnerability should be fully disclosed to the media. This is in stark contrast to the traditional process of responsible disclosure, whereby all stakeholders agree to a set period for a fix to be produced before any such publication. SCMagazineUK wondered what industry insiders thought, so we asked them...
Co-founder of IT Security Thing Ltd, Davey Winder is a three-time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.


