Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday January 18 2018, @07:07PM   Printer-friendly
from the la-la-la-can't-hear-you dept.

[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "soylentnews.org" and we'll address it as soon as possible. --martyb]

Submitted via IRC for AndyTheAbsurd

Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.

With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.

In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.

Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".

But that means that three-quarters DO, which I guess is good news. Or at least not bad news.

Source: http://factor-tech.com/connected-world/27830-a-quarter-of-ethical-hackers-dont-report-cybersecurity-concerns-because-its-not-clear-who-they-should-be-reporting-them-to/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by martyb on Thursday January 18 2018, @08:01PM (2 children)

    by martyb (76) Subscriber Badge on Thursday January 18 2018, @08:01PM (#624331) Journal

    Please, editors, change the title: "don't" should be "couldn't".

    Ugh. Original title from submission was too long to fit and it got truncated inappropriately. Thanks for pointing this out -- fixed!

    --
    Wit is intellect, dancing.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @08:06PM (1 child)

    by Anonymous Coward on Thursday January 18 2018, @08:06PM (#624334)

    Thanks for fixing it!

    And why does the the submission form allow titles that are too long to fit? It would seem worthwhile to limit it there.

    • (Score: 2) by martyb on Thursday January 18 2018, @08:48PM

      by martyb (76) Subscriber Badge on Thursday January 18 2018, @08:48PM (#624373) Journal

      Thanks for fixing it!

      And why does the the submission form allow titles that are too long to fit? It would seem worthwhile to limit it there.

      Umm, that IS the problem... it was truncated before we received it. Scroll back to the story and see the Original Submission [soylentnews.org] link? Click that and you will see the linked story has this for its title:

      A quarter of ethical hackers don’t report cybersecurity concerns because it’s not clear who they should be reporting them to

      It appears that the submitter just did a cut-and-paste into the title field... which truncated it to be:

      A quarter of ethical hackers don't report cybersecurity concerns because it's not clear wh

      The attempt to rectify *that* truncation resulted in the inadvertent change of meaning. We've been training up bots on IRC, but as you can see, MrPlow does not seem to be capable of making the same level of mistakes as has been perfected by us humans. =)

      --
      Wit is intellect, dancing.