Naturally, we want our software and the services that we use to be secure, and this often requires discovering vulnerabilities and taking actions to fix them. But what is the right way to disclose vulnerabilities to vendors and the public?
Many researchers will find themselves in the position of finding and disclosing vulnerabilities, often accidentally. What is less well known is that such activities can have legal and ethical implications that vary depending, for example, on how vulnerabilities are discovered, to whom they are disclosed, and how the public is informed.
Well-intentioned researchers look to improve the security of software products in collaboration with the vendors while minimising the negative impact of letting someone take advantage of a vulnerability. ...
Disclosing Software Vulnerabilities: An Ethical Perspective