Re: [WEB SECURITY] What do security researchers want in a security disclosure policy to reduce their liability?



Andy,
This is a good idea, but I don't know about putting up a thank you page for
the security researcher.  Companies are really careful about admitting to
having security vulnerabilities.  I think in most cases they would rather
quietly fix the issue and thank the researcher privately.

And offering up any kind of reward would encourage people to mess with the
company's website to search for bugs.

-Bubba




Brought to you by http://www.webappsec.org