漏洞披露:Bret McDanel的奇怪案例

Edward H. Freeman
{"title":"漏洞披露:Bret McDanel的奇怪案例","authors":"Edward H. Freeman","doi":"10.1080/10658980601144915","DOIUrl":null,"url":null,"abstract":"Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Programmers and system designers strive to find security bugs during the development cycle or at worse during beta testing, when bugs can be fixed easily. Careful testing will allow internal programmers to debug the software without publicity or industry notice. The outcome may differ if outsiders discover a security breach. Malicious hackers may exploit the breach to obtain classified information, to destroy the integrity of the information, or simply for the challenge. Even self-described “ethical hackers” may share this information with no discretion. Given the speed of the Internet, security breaches can be transmitted worldwide in hours. This article deals with vulnerability disclosure, where the details of a security breach are freely available. It also deals with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer’s software package.","PeriodicalId":36738,"journal":{"name":"Journal of Information Systems Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2007-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Vulnerability Disclosure: The Strange Case of Bret McDanel\",\"authors\":\"Edward H. Freeman\",\"doi\":\"10.1080/10658980601144915\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Programmers and system designers strive to find security bugs during the development cycle or at worse during beta testing, when bugs can be fixed easily. Careful testing will allow internal programmers to debug the software without publicity or industry notice. The outcome may differ if outsiders discover a security breach. Malicious hackers may exploit the breach to obtain classified information, to destroy the integrity of the information, or simply for the challenge. Even self-described “ethical hackers” may share this information with no discretion. Given the speed of the Internet, security breaches can be transmitted worldwide in hours. This article deals with vulnerability disclosure, where the details of a security breach are freely available. It also deals with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer’s software package.\",\"PeriodicalId\":36738,\"journal\":{\"name\":\"Journal of Information Systems Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Systems Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/10658980601144915\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Social Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Systems Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/10658980601144915","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Social Sciences","Score":null,"Total":0}
引用次数: 5

摘要

负责任的开发人员努力生产安全、可靠和高效的软件包。没有一家公司希望自己的诚信受到黑客、员工或合法用户的损害。负面宣传会损害公司的声誉。法律诉讼可能使一个组织损失数百万美元,并摧毁任何长期成功的机会。实际上,很少有产品是没有安全缺陷的。程序员和系统设计人员努力在开发周期中找到安全漏洞,或者更糟糕的是在beta测试期间,因为bug可以很容易地修复。仔细的测试将允许内部程序员在没有公开或行业通知的情况下调试软件。如果外部人员发现安全漏洞,结果可能会有所不同。恶意的黑客可能会利用这个漏洞来获取机密信息,破坏信息的完整性,或者仅仅是为了挑战。甚至自称为“道德黑客”的人也可能毫无顾忌地分享这些信息。鉴于互联网的速度,安全漏洞可以在数小时内传播到世界各地。本文讨论漏洞披露,其中安全漏洞的详细信息是免费提供的。它还涉及Bret McDanel的离奇案件,这位年轻的计算机专家在揭露前雇主软件包中的安全漏洞后,在联邦监狱服刑16个月。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Vulnerability Disclosure: The Strange Case of Bret McDanel
Responsible developers work hard to produce secure, reliable, and efficient software packages. No company wants its integrity compromised by hackers, employees, or legitimate users. Negative publicity damages a firm’s reputation. Legal proceedings can cost an organization millions and destroy any chance of long-term success. Realistically, few products are released without security flaws. Programmers and system designers strive to find security bugs during the development cycle or at worse during beta testing, when bugs can be fixed easily. Careful testing will allow internal programmers to debug the software without publicity or industry notice. The outcome may differ if outsiders discover a security breach. Malicious hackers may exploit the breach to obtain classified information, to destroy the integrity of the information, or simply for the challenge. Even self-described “ethical hackers” may share this information with no discretion. Given the speed of the Internet, security breaches can be transmitted worldwide in hours. This article deals with vulnerability disclosure, where the details of a security breach are freely available. It also deals with the bizarre case of Bret McDanel, a young computer expert who spent 16 months in federal prison after he exposed a security breach in his former employer’s software package.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Information Systems Security
Journal of Information Systems Security Social Sciences-Safety Research
CiteScore
0.40
自引率
0.00%
发文量
0
期刊最新文献
Information Systems Security: 17th International Conference, ICISS 2021, Patna, India, December 16–20, 2021, Proceedings Information Systems Security: 16th International Conference, ICISS 2020, Jammu, India, December 16–20, 2020, Proceedings Information Systems Security: 15th International Conference, ICISS 2019, Hyderabad, India, December 16–20, 2019, Proceedings From the Editor's Desk Security Sickness in the Health Networks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1