Slashdot Mirror

← Back to Stories (view on slashdot.org)

Disclosure of Major Software Exploits by Students?

Posted by Cliff on from the good-deeds-that-always-seem-to-be-punished dept.

school-hacker asks: "I am a U.S. university student who has recently come across 2 remote exploits for a homework program used by colleges nationwide. Both vulnerabilities allow students to give themselves arbitrary scores, and possibly execute arbitrary code. To further emphasize the scope of this vulnerability, I have written and -selftested proof-of-concept exploit code. Naturally, I want to share this information with their software engineers, and would even be nice enough and suggest a means to fixing it. However, with the state of current intellectual property and reverse-engineering laws, I hesitate to do so out of fear of litigation or academic disciplinary action. As an ethical geek, what do -you- do?" While the responses from an earlier story might prove useful, here, there is always the possibility of the university making things harder for the person reporting the problem. How can students avoid both legal and academic trouble, when trying to notify their university of security problems?

2 of 503 comments (clear)

  1. LOL by hughesey · · Score: 0, Offtopic

    *looks shady* You can trust us!

    --

    Michael "Hughesey" Hughes
    Head Editor/S
  2. Re:Down boy, down.... by robi2106 · · Score: 0, Offtopic

    But you don't have to go all cloak-and-dagger about it.

    But that is where all of the fun comes from!

    robi