[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "soylentnews.org" and we'll address it as soon as possible. --martyb]
Submitted via IRC for AndyTheAbsurd
Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.
With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.
In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.
Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".
But that means that three-quarters DO, which I guess is good news. Or at least not bad news.
(Score: 0) by Anonymous Coward on Thursday January 18 2018, @07:21PM (3 children)
> A Quarter of Ethical Hackers Don't Report Cybersecurity Concerns
> Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it
The title is immediately contradicted by the first sentence in the TFS quote.
A quarter of hackers *couldn't* report *a* vulnerability. That's very different from "don't report vulnerabilities". "Sometimes couldn't do" clickbaited to "never do".
Please, editors, change the title: "don't" should be "couldn't".
(Score: 2) by martyb on Thursday January 18 2018, @08:01PM (2 children)
Ugh. Original title from submission was too long to fit and it got truncated inappropriately. Thanks for pointing this out -- fixed!
Wit is intellect, dancing.
(Score: 0) by Anonymous Coward on Thursday January 18 2018, @08:06PM (1 child)
Thanks for fixing it!
And why does the the submission form allow titles that are too long to fit? It would seem worthwhile to limit it there.
(Score: 2) by martyb on Thursday January 18 2018, @08:48PM
Umm, that IS the problem... it was truncated before we received it. Scroll back to the story and see the Original Submission [soylentnews.org] link? Click that and you will see the linked story has this for its title:
It appears that the submitter just did a cut-and-paste into the title field... which truncated it to be:
The attempt to rectify *that* truncation resulted in the inadvertent change of meaning. We've been training up bots on IRC, but as you can see, MrPlow does not seem to be capable of making the same level of mistakes as has been perfected by us humans. =)
Wit is intellect, dancing.