A “Grey Hat” Guide for Security Researchers

The following is a verbatim reproduction of Jennifer Granick’s original post
In counseling computer security researchers, I have found the law to be a real obstacle to solving vulnerabilities. The muddy nature of the laws that regulate computers and code, coupled with a series of abusive lawsuits, gives researchers real reason to worry that they might be sued if they publish their research or go straight to the affected vendor.

By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied. I discuss this problem, and offer some ideas about what researchers can do about it, in a new document called “A ‘Grey Hat’ Guide”. Constructive feedback is welcome, as I can use it to improve the paper.


You may read the Grey Hat Guide here

Related Posts

How to delete boot managers from a UEFI boot menu This short tutorial shows how to delete boot managers from a UEFI boot menu. It might not apply to all computers, but if your computer is anything lik...
Zentyal installation guide Zentyal, the Linux distribution formerly known as eBox Platform, is a server distribution which can be used as a network gateway, unified threat manag...
Dual-boot Windows 7, Linux Mint Debian Edition 2 on a PC with UEFI firmware Linux Mint Debian Edition (LMDE) is a desktop distribution that's based on Debian. It's from the same folks responsible for Linux Mint, which is based...
Upgrading OSSEC 2.7 to 2.8 and the bro-ids rule issue 'Tis the season for upgrading. This hour, the target is OSSEC. Next will be a Cloud server running Ubuntu 12.04 LTS, which will be upgraded to Ubun...
How to install PC-BSD on an encrypted ZFS file system As a desktop distribution built atop FreeBSD, PC-BSD makes available to the desktop user all the cool technologies inside FreeBSD. One of those cool t...
Disk encryption: This is why you should always use it Disk encryption is one of those physical security features that determine whether I install a Linux distribution on any computer I use for serious com...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*