Monday, June 11, 2007

Volunteers do not do security

who is the guy to rely on but hired help?
clipped from

"What if a Web researcher found a bug on your Website today -- but was too afraid of the law to tell you?

The Computer Security Institute (CSI) recently formed a working group of Web researchers, computer crime law experts, and U.S. Department of Justice agents to explore the effects of laws that might hinder Web 2.0 vulnerability research. And the CSI group's first report -- which it will present on Monday at CSI's NetSec conference in Scottsdale, Ariz. -- has some chilling findings.

In the report, some Web researchers say that even if they find a bug accidentally on a site, they are hesitant to disclose it to the Website's owner for fear of prosecution. "This opinion grew stronger the more they learned during dialogue with working group members from the Department of Justice," the report says. "
 blog it

No comments: