Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday January 18 2018, @07:07PM   Printer-friendly
from the la-la-la-can't-hear-you dept.

[Update: Corrected title per first comment. Also, should you find any kind of vulnerability with SoylentNews, please send a description to "dev" at "soylentnews.org" and we'll address it as soon as possible. --martyb]

Submitted via IRC for AndyTheAbsurd

Almost a quarter of hackers have not reported a vulnerability that they found because the company didn't have a channel to disclose it, according to a survey of the ethical hacking community.

With 1,698 respondents, the 2018 Hacker Report, conducted by the cybersecurity platform HackerOne, is the largest documented survey ever conducted of the ethical hacking community.

In the survey, HackerOne reports that nearly 1 in 4 hackers have not reported a vulnerability because the company in question lacks a vulnerability disclosure policy (VDP) or a formal method for receiving vulnerability submissions from the outside world.

Without a VDP, ethical, white-hat hackers are forced to go through other channels like social media or emailing personnel in the company, but, as the survey states, they are "frequently ignored or misunderstood".

But that means that three-quarters DO, which I guess is good news. Or at least not bad news.

Source: http://factor-tech.com/connected-world/27830-a-quarter-of-ethical-hackers-dont-report-cybersecurity-concerns-because-its-not-clear-who-they-should-be-reporting-them-to/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by tftp on Thursday January 18 2018, @09:19PM (3 children)

    by tftp (806) on Thursday January 18 2018, @09:19PM (#624404) Homepage

    Just for trying a doorknob on a door that was not even clearly marked "do not enter", isn't clearly not a public entrance, and discovering the door was not locked, you can be accused of hacking.

    No sane person wants to wake up in the middle of the night every ten minutes from the rattling sound produced by yet another yahoo who "just tries the doorknob on your house's door". Unwanted portscanners are like thieves who are "casing the place" to prepare for a later break-in.

  • (Score: 2) by Grishnakh on Thursday January 18 2018, @09:31PM (2 children)

    by Grishnakh (2831) on Thursday January 18 2018, @09:31PM (#624412)

    Bad analogy. It's more like some "yahoo" who uses a tricorder to scan all the doorknobs in his condo building to see who forgot to lock their door, and then politely informs them so some dangerous or deranged person doesn't barge into their house (which is something that actually happened to me when I was young). If your door is locked, and you don't have any devices looking for the tachyon emissions (or whatever) from the tricorder scan, you'll never know you're being scanned.

    Now if your argument is that public-facing servers have to look at all network traffic because of security concerns, so my analogy is invalid and the rattling sound at night analogy is more correct, then that's just what you have to put up with when you put your systems on the internet and invite public access. So the analogy here is that you're being woken up from helpful doorknob-testers because you've decided to live in a dangerous ghetto where people are frequently home-invaded.

    • (Score: 1) by tftp on Thursday January 18 2018, @09:58PM (1 child)

      by tftp (806) on Thursday January 18 2018, @09:58PM (#624422) Homepage

      So the analogy here is that you're being woken up from helpful doorknob-testers because you've decided to live in a dangerous ghetto where people are frequently home-invaded.

      In your analogy the life expectancy of such a tester is very, very short :-)

      With regard to the facts of the matter, 99.999% of all portscans are initiated by script kiddies from their home IP, and everyone should have concerns about their ethic. If they discover a door open, chances of them kindly informing you are negative.

      • (Score: 2) by Grishnakh on Thursday January 18 2018, @11:06PM

        by Grishnakh (2831) on Thursday January 18 2018, @11:06PM (#624458)

        With regard to the facts of the matter, 99.999% of all portscans are initiated by script kiddies from their home IP, and everyone should have concerns about their ethic. If they discover a door open, chances of them kindly informing you are negative.

        If that's the case, then sysadmins should be happy for the rare person who portscans them with the intention of kindly informing them of vulnerabilities.