h a l f b a k e r y
Loading tagline ....
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
or get an account
To encourage security researchers to not be afraid of
disclosing their finding, there should be a registry or a
standardised clause that businesses can sign up to or
This will have a contractual clause that a security
who have conducted all reasonable efforts to disclose
vulnerability will not in anyway be attacked by the company
in question for disclosing the vulnerability. (e.g. via sending
the FBI to raid the security researcher.)
Security researcher discovers glaring problem with patient data system, FBI stages armed dawn raid
[mofosyne, May 28 2016]
||Why would someone believe an arbitrary company would keep this promise?
||Is "security researcher" really a thing, or is this some kind of
sanitised language for "hacker" (of whichever hat colour)?