Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 3: Proper and Ethical Disclosure
Conflicts Will Still Exist
The reasons for the common breakdown between the finder and the vendor lie in their different motivations and in some unfortunate events that routinely occur. Finders of vulnerabilities usually have the motive of trying to protect the overall industry by identifying and helping remove dangerous software from commercial products. A little fame, admiration, and bragging rights are also nice for those who enjoy having their egos stroked. Vendors, on the other hand, are motivated to improve their product, avoid lawsuits, steer clear of bad press, and maintain a responsible public image.

Although more and more software vendors are reacting appropriately when vulnerabilities are reported (because of market demand for secure products), many people believe that vendors will not spend the extra money, time, and resources to carry out this process properly until they are held legally liable for software security issues. The possible legal liability issues software vendors may or may not face in the future are a can of worms we will not get into, but these issues are gaining momentum in the industry.