---

Home Security

Ejection Seats, Cooking Dinner, and Vuln Disclosure

By

“It turned out to be way easier and much more like a webapp than
I had thought it would be originally. After a couple hours of
poking, I found a huge unauthenticated confidentiality hole. Once
the euphoria wore off, I realized I had a big problem on my hands.
I had to tell my employer’s app owners and we had to assess risk
and make a decision on what to do about it. After some quick
meetings with stakeholders, we decided to severely limit access to
the thing while we worked with the vendor.

“The vendor refused to acknowledge it was a security issue. Odd,
considering most everyone who sees the issue unmistakably agrees
that it is not acceptable. Now I’m forced to play hardball, yet
nobody wants to fully-disclose and destroy relations with this
vendor, whose software is somewhat relied on. Meanwhile, I know
there are hundreds of institutions, small and large, using this
software who have no idea that it has flawed security and who would
probably not find the risk acceptable. What can I do? Nothing. Oh
well, sucks to be them.”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.