xisto Community
longtimeago

Security Vulnerability In A System: If you find one, what should be done?


Talking about the various computer security issues and exploits, let me put forth a simple question to all the computer geeks. Let's consider that you use a particular system (something like a service provider, hereafter referred to as the system), and while you use that system you find a big security exploit which, when exploited, can result in a loss of thousands of dollars for that company. One will get to know that such an exploit exists once he has tried that exploit. At this point, the person who found that exploit uses that vulnerability, checks the various possibilities, and confirms that it is a serious exploit which has to be dealt with. Now he can do many things: go and publicize it and become famous, use it for his own personal use, or report it to the concerned authorities of the company from which that product or system has been released. So now, if he is ethical enough, he is going to report it to that company. In this case he has already violated the policy of the company by exploiting the security hole, but he has reported it to the company. On the other hand, without exploiting the security hole he cannot confirm that such a vulnerability exists. Or, as I term it, without violating the policy of the company he cannot check whether the exploit which he smells is really an exploit or not. Now he has done it and reported it to the company. Now the company does not respond at all, even after he has intimated them several times about the same. Now, can the user who found the exploit be busted under law because he exploited the security hole, even though he has informed the company? The confusing issue here is: what if the company to which he reported doesn't get back to him despite all the intimations he has made? I personally feel that this means the company is trying to figure out the exploit by itself. So in such a situation, what is to be done?

A normal user finds an exploit, confirms it by testing it, and reports it to the company but gets no reply. The user is tempted to check that exploit again and again to see whether it is fixed, and he sends intimations to the company again and again, but gets no response. What should be done?
