Jul 08, 2013
The Security Pro’s Guide To Responsible Vulnerability Disclosure
Since the early days of “ethical hacking” and security vulnerability analysis, researchers have followed a time-honored set of rules and traditions governing how to reveal the vulnerabilities they discover, with the aim of giving attackers the smallest possible window in which to exploit potential security holes in systems and software. With the advent of “bug bounties” and competing offers from cybercriminals and government agencies, however, a newly discovered vulnerability now commands a higher price than ever before.
Technology providers are responding to vulnerabilities faster and more openly than ever, which puts an increasing burden on enterprise IT professionals to respond in kind. This requires increased vigilance, not to mention adequate resources to deal with vulnerabilities.
This Dark Reading report lays out the new vulnerability reporting and remediation “rules” and provides context around the changing relationship among security researchers, black-hat hackers, technology providers and enterprise IT professionals. (S7170713)