User: Password:
Subscribe / Log in / New account

Vulnerability disclosure policies

Vulnerability disclosure policies

Posted Jul 8, 2010 16:34 UTC (Thu) by joey (subscriber, #328)
Parent article: Vulnerability disclosure policies

I think the last sentence gets at a key point:

"hope that [..] any loud zero disclosure of a flaw like that provides enough clues for the "white hats" to track down the problem in short order"

Auctioning off security flaws to the highest bidder is not a white hat activity. Giving the vendor first crack at buying your security flaw is, likewise, not a white hat activity.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds