The software vendor is the second player. It develops the product and is responsible
for its successful operation. The vendor is looked to by thousands of customers for technical
expertise and leadership in the upkeep of the product. When a flaw is reported to
the vendor, it is usually one of many that must be dealt with, and some fall through the
cracks for one reason or another.
Gray Hat Hacking: The Ethical Hacker's Handbook
Gray hats are also involved in this dance when they find software flaws. Since they are
not black hats, they want to help the industry and not hurt it. They, in one manner or
another, attempt to work with the vendor to develop a fix. Their stance is that customers
should not have to be vulnerable to attacks for an extended period. Sometimes vendors
will not address the flaw until the next scheduled patch release or the next updated version
of the product altogether. In these situations the customers and industry have no
direct protection and must fend for themselves.
The issue of public disclosure has created quite a stir in the computing industry,
because each group views the issue so differently. Many believe knowledge is the public's
right and all security vulnerability information should be disclosed as a matter of
principle.