New guide aims to remove the drama of reporting software flaws

Fri 1:45am by: PC World

Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.

Large companies such as Facebook, Google and Yahoo have well-defined "responsible disclosure" policies that lay out what is expected of researchers if they find a vulnerability and often the terms under which a reward will be paid.

But many companies don't, which can lead to problems and confusion. Security researchers have occasionally been referred to law enforcement even when they have been up front about the issue with a company.
