An interesting article I found about a security researcher in Australia who did find and disclose a vulnerability, but the company is claiming he ran afoul of a computer crimes act.
http://www.scmagazine.com.au/News/276780,security-researcher-threatened-with-vulnerability-repair-bill.aspx
Illustrates the need for security professionals to not only know their laws, but to ask before doing any testing and have a contract in writing. Although I think the company should be grateful that he found it and not a malicious hacker...the actual 'test' didn't involve anything particularly complex.
No comments:
Post a Comment