Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday January 18 2018, @07:07PM   Printer-friendly
from the la-la-la-can't-hear-you dept.

[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "soylentnews.org" and we'll address it as soon as possible. --martyb]

Submitted via IRC for AndyTheAbsurd

Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.

With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.

In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.

Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".

But that means that three-quarters DO, which I guess is good news. Or at least not bad news.

Source: http://factor-tech.com/connected-world/27830-a-quarter-of-ethical-hackers-dont-report-cybersecurity-concerns-because-its-not-clear-who-they-should-be-reporting-them-to/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @09:12PM (2 children)

    by Anonymous Coward on Thursday January 18 2018, @09:12PM (#624398)

    Free reporting is too much bother.

    Paid reporting is great, but to get a reliable paycheck you need a security clearance. (see downmodded post) Some people have issues with foreign family, drug use, mental illness, or serious debt. Without that clearance, the best you can do is the occasional awkwardly brokered sale. Nobody trusts you to deliver a real exploit, and you don't trust them to see it without prior payment. You won't be getting that 6-figure salary with full benefits.

  • (Score: 2) by Grishnakh on Thursday January 18 2018, @09:25PM

    by Grishnakh (2831) on Thursday January 18 2018, @09:25PM (#624409)

    Some people have issues with foreign family, drug use, mental illness, or serious debt.

    They don't do drug tests for clearances these days.

    Foreign family shouldn't be a big problem, unless your foreign family is in/from a problematic country. Family living in Australia or something shouldn't be an issue.

  • (Score: 0) by Anonymous Coward on Thursday January 18 2018, @11:26PM

    by Anonymous Coward on Thursday January 18 2018, @11:26PM (#624467)

    Free reporting is too much bother.

    How that? If you care, tell the company first, then later post a writeup to Bugtraq. Can't get simpler than that.