#  Tuesday, 23 May 2006

A /. article pointed me to the blog post Reporting Vulnerabilities is for the Brave. Sounds familiar. Been there, done that. A customer had a Web site, and I told them about a problem. They told their vendor. And the vendor went after me - probably because, like most security-unconscious companies, they felt threatened in one way or another.

Therefore I wholeheartedly agree with the instructions outlined, plus: lean back, and enjoy when the bad guys whack that company. Yes, this is controversial, but as long as companies don't "get it" that there are people that want to help them when reporting vulnerabilities, it is definitely better to keep your trap shut.

Aside from the cynical advice in the above paragraph, here is something to consider for your company: establish a policy - and publish it! - that you welcome security reports by security researchers (and Joe Average for that matter). This goes a long way to getting the threats mitigated before they are exploited.

Tuesday, 23 May 2006 10:12:41 (W. Europe Daylight Time, UTC+02:00)

 



© Copyright 2017 Christoph Wille
