A “Grey Hat” Guide for Security Researchers
The following is a verbatim reproduction of Jennifer Granick’s original post
In counseling computer security researchers, I have found the law to be a real obstacle to solving vulnerabilities. The muddy nature of the laws that regulate computers and code, coupled with a series of abusive lawsuits, gives researchers real reason to worry that they might be sued if they publish their research or go straight to the affected vendor.
By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied. I discuss this problem, and offer some ideas about what researchers can do about it, in a new document called “A ‘Grey Hat’ Guide”. Constructive feedback is welcome, as I can use it to improve the paper.
You may read the Grey Hat Guide here
Subscribe by ...
To receive future articles like this one in your inbox or Feed reader, please take a few seconds to subscribe to this site by email or RSS. You may also follow us on Twitter.
Sponsored Links
The next best thing to fruits & vegetables is Juice Plus
Buy Fedora installation media at very low prices from OSDisc
Don't have high speed Internet access? Buy Ubuntu and Mint installation media at very low prices
Develop your community's collaboration and communication skills with Collaba server
To buy a text link ad here, send us an email
