[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "soylentnews.org" and we'll address it as soon as possible. --martyb]
Submitted via IRC for AndyTheAbsurd
Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.
With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.
In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.
Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".
But that means that three-quarters DO, which I guess is good news. Or at least not bad news.
(Score: 0) by Anonymous Coward on Thursday January 18 2018, @07:49PM (1 child)
My paycheck is real. I get full benefits, including 401K matching and fully paid health insurance.
Yes, you really can get paid for this stuff. OK, maybe not you, but it works for me and hundreds of others.
(Score: 0) by Anonymous Coward on Thursday January 18 2018, @09:40PM
Never stop buying lottery tickets. [xkcd.com]