Some unanswered website vulnerability questions
In the industry we discuss at great length the legal risks and ethical responsibilities of the person disclosing an issue, but not enough about the same when it comes to the business itself. I’ve had a hard time getting authoritative answers to some seemingly simple questions, so I figured I’d give the blog a try. Lets assume a company is informed of a SQLi or XSS vulnerability in their website (I know, shocker) either privately or via public disclosure on sla.ckers.org. And that vulnerability potentially places private personal information (PPI) or intellectual property at risk of compromise
At Jeremiah Grossman's blog.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.