How Do You Report A Security Hole?
from the difficulties dept
A SecurityFocus article about how Guess (the fashion company) had a security hole in their server that let people access their customers' credit card records. As they say, this "credit cards exposed" story is quickly becoming the "dog bites man" story of the internet. A different one appears every few days. The interesting part of this story was how the guy who discovered the hole couldn't get to the right person at Guess to fix the hole. He sent emails that were ignored. He called and was transferred around and dumped off into voicemail. There isn't a standard person or method for contacting companies about security holes, and some people are suggesting that maybe their should be. Instead, what usually seems to happen is that after a few useless attempts, whoever found the hole ends up going public to the media - and then no one is happy.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
You get more results with a kind word and a 2x4...
Companies who don't have some way of reporting security breaches should have their problems aired in public. Even M$ had security holes into their network and the one who found them months back had notified them only to still have them around until recently.
Sometimes embarressment can be an excellent motivator (along with depressed stock prices, a pink slip, or 2x4)...
[ link to this | view in chronology ]