Unlike other books and resources that are available today, we are promoting the use
of the knowledge that we are sharing with you to be used in a responsible manner that
will only help the industry??”not hurt it. This means that you should understand the policies,
procedures, and guidelines that have been developed to allow the gray hats and the
vendors to work together in a concerted effort. These items have been created because of
the difficulty in the past of teaming up these different parties (gray hats and vendors) in
a way that was beneficial. Many times individuals identify a vulnerability and post it
(along with the code necessary to exploit it) on a website without giving the vendor the
time to properly develop and release a fix. On the other hand, many times when gray
hats have tried to contact vendors with their useful information, the vendor has ignored
repeated requests for communication pertaining to a particular weakness in a product.
This lack of communication and participation from the vendor??™s side usually
resulted in the individual??”who attempted to take a more responsible approach??”posting
the vulnerability and exploitable code to the world. This is then followed by successful
attacks taking place and the vendor having to scramble to come up with a patch and
endure a reputation hit.
Pages:
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153