Security

Web vulnerability disclosure

Submitted by Scott
Scott (666) writes "I'm submitting my own story on an important topic: Is it illegal to discover a vulnerability on a Web site? No one knows yet but Eric McCarty's pleading guilty to hacking USC's web site was "terrible and detrimental" to tech lawyer Jennifer Granick, who believes the law needs to be at least clarified, if not changed to protect those who find flaws in production Web sites as opposed to those who "exploit" production Web sites. Of course, the owners of sites often don't see the distinction between the two. Regardless of whether or not it's illegal to disclose Web vulnerabilities, it's certainly problematic, and perhaps a fool's errand. After all, have you seen how easy it is to find XSS flaws in Web sites? In fact, the Web is challenging the very definition of vulnerability and some researchers are scared. As one researcher in the story says: "I'm intimidated by the possible consequences to my career, bank account and sanity. I agree with [noted security researcher] H.D. Moore, as far as production websites are concerned: 'There is no way to report a vulnerability safely.'""
