
Reporting Vulnerabilities Is For The Brave

An anonymous reader writes "A recent post on the CERIAS weblogs examines the risks associated with reporting vulnerabilities. In the end, he advises that the risks (in one situation, at least) were almost not worth the trouble, and gives advice on how to stay out of trouble. Is it worth it to report vulnerabilities despite the risks, or is the chilling effect demonstrated here too much?"
  • by Stanistani ( 808333 ) on Monday May 22, 2006 @05:26PM (#15383788) Homepage Journal
    Coincidentally the quote on the bottom of the page when this was posted:
    I stick my neck out for nobody. -- Humphrey Bogart, "Casablanca"

    Ah well, at least we'll always have Paris.
  • by icepick72 ( 834363 ) on Monday May 22, 2006 @06:02PM (#15384010)
    I would have to rewrite 3 as:
    3) Walk around until you find an unsecured AP of somebody you don't like.

    So then the common computer illiterate that didn't have his AP properly secured gets hassled by the police instead.

  • by humankind ( 704050 ) on Monday May 22, 2006 @06:03PM (#15384015) Journal
    When vulnerabilities are outlawed, only outlaws will use vulnerabilities.

  • by Intron ( 870560 ) on Monday May 22, 2006 @06:22PM (#15384119)
    I recently figured out a fairly anonymous method of reporting vulnerabilities for a cost of only $0.39. Send SASE for details.
  • by Anonymous Coward on Monday May 22, 2006 @07:40PM (#15384490)
    Post vulnerabilities on as many IRC channels as you can. Post vulnerabilities on slashdot comments. Post them on jihad websites. Post them on college bulletin boards.

    In short, post them as anonymously as possible. Don't go through the fucking "right" channels, because they are looking to retain their share-holders' confidence. Which is why you heave a god damn shitbomb into their office and let them sort that son of a bitch out. Eventually, people will start taking security fucking seriously. They will start asking about NetBSD, hooking up hardware firewalls, and thinking twice before shopping at Best Buy. And then you won't be sitting in jail because you reported a 0-day exploit to M$/Apple/Redhat/Berkeley/FuckingSCOX.

    Run an end-around. Works for football, works for World War II submarines, and it works for reporting vulnerabilities.
