Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Thank flaw finders, don't jail them

by The Gurus
April 11, 2014
in Editor's News
Share on FacebookShare on Twitter

Thanks should be given to those people who disclose vulnerabilities, not jail time.
 
Speaking to IT Security Guru, security researcher Joe Grand, who was in the Boston hacker space L0pht as member Kingpin, said that the people who publicly release research should be thanked and treated as beneficial to the community, instead of putting them in jail.
 
The L0pht was known for finding vulnerabilities in software and reporting them to the affected companies. Grand said: “Once we realised we could educate the community, the vendors said that even though they don’t like hearing that they have a vulnerability they can educate people and that is how the whole full disclosure thing started.
“We weren’t the only group, but we were one of the first to push vendors to acknowledge the problems and we would go public with them. We helped pave the path for the bug bounty programs and the people that wrote them were involved with the L0pht or associated with the hacker community back then and can shake these companies and say ‘we need to reward these people who are helping us for free’.”
 
Grand said that the people who sell zero-days on the black market whom you don’t know are the guys you’ve got to worry about. “But on the other hand you still see countries, organisations and Governments who go after someone who goes public with a vulnerability which really hampers things, and can put the researchers on edge because they may be afraid to release something or work with a vendor as they are scared of getting sued.”
 
Fellow L0pht member Christian Rioux, who was known as Dildog, said that the process of reporting bugs in its time was that you could threaten to release it, and a vendor would say ‘you’d better not release it or we will get you’.
 
Grand said: “Everyone needs to get on the same page and give researchers the thanks that they deserve, and hopefully everyone can work together to make the products good enough where there are fewer zero-days sold on the black market and less nefarious things going on, because people are not going public with these things, they are not getting thanked and it being worth their while.”

FacebookTweetLinkedIn
Tags: Bug BountyFlawResearchVulnerability
ShareTweetShare
Previous Post

Canadian banks say they are safe from Heartbleed

Next Post

Vienna – Trust in the Digital World

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information