Project Disclosure

All software contains bugs. A subset of those bugs are security flaws that allow a malicious individual to cause software to do something it shouldn't do. The best example of this is when a remote attacker leverages a flaw in a public-facing service (a web server or mail server, for example), which then gives them access to machine resources.

(FIXME: This is only an outline; additional content needs to be filled in.)

The upper page has a couple of external links on the topic.

What is a Security Flaw

A security flaw is most easily described as a bug that, given the right circumstances, could lead to the compromise of the confidentiality, integrity, or availability of computing resources.

Dealing with Researchers

Be Polite and Understanding
  • Just as you take your software personally, they treat their research the same way.
Ask for their help
  • Most of them will have a rather impressive understanding of why your software is flawed. They will be happy to help.
Provide proper credit
  • The PR a researcher gets is one of their driving goals. If you play to their vanity, they will be eager to help in the future.
disclosure/project.txt · Last modified: 2013/10/24 01:31 by solar
 