This Is Why You Don't Punish The Messenger On Security Vulnerabilities
from the solve-the-vulnerability-at-least dept
Over the past few years, we've pointed to case after case after case after case after case after case of those who pointed out security vulnerabilities being attacked or blamed for the vulnerability. It's true that sometimes the "researchers" go too far -- but the important point is that security vulnerability get fixed. Instead, it's much easier to simply blame the messenger. Now, with all of the talk about hackers breaking into and taking data from Ohio University computers, Jon has submitted a story reminding everyone how it was just a few years ago that Ohio University was busy blaming the messenger for pointing out how weak the school's computer security was. Apparently, in the rush to blame and bury the guy, no one actually thought about fixing and protecting their computer system.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Why even try?
They still haven't fixed the issue to this day, I guess its just a matter of time untill someone else finds this with less than honorable intentions in mind.
Point being, why even try to help? Too much trouble involved when it obivously will be more than likley met with negative reactions.
[ link to this | view in thread ]
keralafood
[ link to this | view in thread ]
Your Best Teacher is....
[ link to this | view in thread ]
[ link to this | view in thread ]
Serves them right
[ link to this | view in thread ]
Re: Why even try?
They were already warned.
[ link to this | view in thread ]
Re: Re: Why even try?
[ link to this | view in thread ]
No Good Deed Shall Go Unpunished
If I'm feeling exceptionally charitable, I'll refer 'em to ISO 17799 or a similar "best standards" document... But I usually don't broach the issue of security at all. It seems the typical client thinks that hackers are beings out of the Lovecraftian Cthulhu Mythos, wreaking havoc upon those that merely invoke their names.
In short, DNAWC (Do Not Associate With Catastrophe)
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: No Good Deed Shall Go Unpunished
[ link to this | view in thread ]
HA
I learned my lesson in h.s., getting into teachers' accounts and changing random grades (not mine), then showing administrators how easy it was to do it. All while sitting in an area next to the moronic net manager. Too bad the dean didn't appreciate my helpfulness. Suspension!
I had half a mind to give everyone A's after that...
[ link to this | view in thread ]
Typical
[ link to this | view in thread ]
They're going to get hit where it hurts
[ link to this | view in thread ]