Slashdot Mirror


Reporting Vulnerabilities Is For The Brave

An anonymous reader writes "A recent post on the CERIAS weblogs examines the risks associated with reporting vulnerabilities. In the end, he advises that the risks (in one situation, at least) were almost not worth the trouble, and gives advice on how to stay out of trouble. Is it worth it to report vulnerabilities despite the risks, or is the chilling effect demonstrated here too much?"

2 of 245 comments

  1. Depends on who you report to by overshoot · Score: 4, Insightful

    All things considered, it's a whole lot safer (not to mention more profitable) to notify the black hats about vulnerabilities rather than the vendors or the public.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  2. And that's why I use open source by disasm · Score: 5, Insightful

    Open Source projects don't interrogate and try to prosecute you if you find a security problem and report it.