This means that a customer cannot use the Freedom of Information
Act to find out who gave up their information and what information was given. This is
another issue that has upset civil rights activists.
Gray Hat Hacking: The Ethical Hacker??™s Handbook
40
41
CHAPTER 3 Proper and Ethical
Disclosure
??? Different points of view pertaining to vulnerability disclosure
??? The evolution and pitfalls of vulnerability discovery and reporting procedures
??? CERT??™s approach to work with ethical hackers and vendors
??? Full Disclosure Policy (RainForest Puppy Policy) and how it differs between
CERT and OIS??™s approaches
??? Function of the Organization for Internet Safety (OIS)
For years customers have demanded operating systems and applications that provide more
and more functionality. Vendors have scrambled to continually meet this demand while attempting
to increase profits and market share. The combination of the race to market and
keeping a competitive advantage has resulted in software going to the market containing
many flaws. The flaws in different software packages range from mere nuisances to critical
and dangerous vulnerabilities that directly affect the customer??™s protection level.
Microsoft products are notorious for having issues in their construction that can be
exploited to compromise the security of a system.
Pages:
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140