Ethical Vulnerability Disclosure

The debate over whether vulnerabilities should be disclosed publicly to force a vendor to fix the problem within a reasonable period, or kept private until a fix has been implemented, has been a long-running discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions. I personally have disclosed a vulnerability I discovered to the vendor, and have known others who have done the same, only to witness responses ranging from slow to rectify the matter to no response at all.

In an Enterprise IT Planet article, one group feels that immediate disclosure effects change at a brisker pace (WMF again) and encourages vendors to tighten up their development practices, while others point to the complexity of software today, where yesterday's feature becomes today's liability. They would say that, out of respect for users and the community at large, vendors should be given a chance to make things right.

What do you think?
