Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reporting Vulnerabilities Is For The Brave

Posted by ryuzaki0 on from the cya-first-and-always dept.

An anonymous reader writes "A recent post on the CERIAS weblogs examines the risks associated with reporting vulnerabilities. In the end, he advises that the risks (in one situation, at least) were almost not worth the trouble, and gives advice on how to stay out of trouble. Is it worth it to report vulnerabilities despite the risks, or is the chilling effect demonstrated here too much?"

4 of 245 comments (clear)

  1. Apropos Comment by Stanistani · · Score: 3, Funny

    Coincidentally the quote on the bottom of the page when this was posted:
    I stick my neck out for nobody. -- Humphrey Bogart, "Casablanca"

    Ah well, at least we'll always have Paris.

    --
    You can't talk about Wikipedia's flaws on Wikipedia
  2. Re:Reporting vulnerabilities safely? by icepick72 · · Score: 3, Funny
    I would have to rewrite 3 as:
    3) Walk around until you find an unsecured AP of somebody you don't like.

    So then the common computer illiterate that didn't have his AP properly secured gets hassled by the police instead.

  3. You know what they say... by humankind · · Score: 4, Funny

    When vulnerabilities are outlawed, only outlaws will use vulnerabilities.

  4. Simpler than unsecured Wi-Fi by Intron · · Score: 4, Funny

    I recently figured out a fairly anonymous method of reporting vulnerabilities for a cost of only $0.39. Send SASE for details.

    --
    Intron: the portion of DNA which expresses nothing useful.