Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure


From: nrmaster <nrmaster () gmail com>
Date: Tue, 16 Jun 2009 08:40:11 -0700 (PDT)


In stark contrast to what a black hat would do (publish or more likely sell
it on the black market), an ethical security expert ought to try to notify
the vendor so that a patch or fix can be incorporated into the next hot fix
and distributed to the public before the details of the exploit are widely
available. This sort of approach also fortifies our posture as vulnerability
researchers rather than security bug searchers.

Obviously, any legal or regulatory obligations will depend on your local
laws and/or regulations.
Cheers

