A "Grey Hat" guide for security researchers

[Security] Posted Nov 24, 2008 21:47 UTC (Mon) by jake

Jennifer Granick of the Electronic Frontier Foundation (EFF) has created a guide for security researchers who may have run afoul of computer crime laws. It looks at the risks and some possible solutions for revealing information about vulnerabilities so that they can get fixed. Granick is seeking comments to improve the guide. "The researcher is in a quandary when she has potentially broken the law, but never intended to steal information or invade privacy and wants to see the problem fixed. Reporting the information raises a red flag that could result in an investigation and civil claims or even criminal charges. Keeping quiet means that the flaw will go unremedied and potentially could be exploited by someone who does have criminal intent. What is the grey hat hacker to do?"

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds