Find a Vulnerability in Software, Get Sued by Vendor


Bad form or what?

Find a Vulnerability, notify the vendor, get sued!

IMHO, many vulnerabilities are not published already, and this only makes it worse... Sell the vulnerability on the dark web = profit. Let the vendor know about it... get punished?

Reason #233 for having a cyber security plan in place to protect your business: trust no one.

This approach by vendors is to protect revenues and nothing more. Vendors have fixed budgets to develop products and features, and “white hat” hackers finding problems in software costs vendors big time to fix.

In some cases the problems can be so deep that big changes in the software need to occur. This may prevent vendors from meeting shareholder expectations, the number one concern for most public companies.

The alternative to this is for “white hats” to say nothing and let the “black hats” discover the backdoor and affect thousands (if not more!) of customers?

This would appear to be a very anti-customer approach, wouldn’t it?

The vendor list and vulnerabilities are here:

https://github.com/disclose/research-threats

The original article is below:

https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/
