{"title":"Vulnerability Disclosure: The Strange Case of Bret McDanel","authors":"Edward H. Freeman","doi":"10.1080/10658980601144915","DOIUrl":null,"url":null,"abstract":"Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Programmers and system designers strive to find security bugs during the development cycle or at worse during beta testing, when bugs can be fixed easily. Careful testing will allow internal programmers to debug the software without publicity or industry notice. The outcome may differ if outsiders discover a security breach. Malicious hackers may exploit the breach to obtain classified information, to destroy the integrity of the information, or simply for the challenge. Even self-described “ethical hackers” may share this information with no discretion. Given the speed of the Internet, security breaches can be transmitted worldwide in hours. This article deals with vulnerability disclosure, where the details of a security breach are freely available. 
It also deals with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer’s software package.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2007-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/10658980601144915","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
Citation count: 5
Abstract
Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Programmers and system designers strive to find security bugs during the development cycle or at worst during beta testing, when bugs can be fixed easily. Careful testing will allow internal programmers to debug the software without publicity or industry notice. The outcome may differ if outsiders discover a security breach. Malicious hackers may exploit the breach to obtain classified information, to destroy the integrity of the information, or simply for the challenge. Even self-described “ethical hackers” may share this information with no discretion. Given the speed of the Internet, security breaches can be transmitted worldwide in hours. This article deals with vulnerability disclosure, where the details of a security breach are freely available. It also deals with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer’s software package.