Nearly two-thirds of IT security professionals believe that potentially life-threatening vulnerabilities should be made public if disclosure to the manufacturer hasn’t worked, according to a new study. Unified security management vendor AlienVault polled over 650 security professionals at Black Hat 2015 to gauge their views on what should be done if a serious flaw is found on a critical internet-connected device. Although the majority agreed that the information should be made public if the manufacturer takes no action, they differed on how that could be done. Some 19% said it should be tested with ‘willing participants’ in a public space, while the same percentage favored full disclosure to the media. In addition, 13% said the best way to make the information public would be to reveal it during a presentation or talk at a conference, while the same number claimed proving the vulnerability on a live system would be best. Just over one third (36%) argued that such a flaw would be best demonstrated at a private event with willing participants.
