
Security is ever a game of balance. Ease of use against safety is the one I find myself thinking about most often: locks on your door inconvenience you with having to get out your keys, long and unique passwords necessitate working with a password manager, two-factor authentication requires additional equipment and steps. Most often, adding security impacts ease of use in some negative way. Finding the balance here is important.
But security isn’t a single balancing act. Many of the decisions we must make require finding the right balance. Each requires thought and consideration, as well as a clear set of priorities. Especially when it comes to disclosing vulnerabilities. Every situation is going to be unique, but knowing the right questions to ask will help. The time to think through these questions is now, hopefully long before you are faced with them.
Should This Vulnerability Be Disclosed?
Yes.
Disclosing the vulnerability is best for your users. It builds trust. It’s also the best thing you can do for the future of security. Hopefully other people can learn from your issue and not have to face the same one themselves.
“But,
Source: https://managewp.org/articles/14618/the-difficulties-of-security-disclosure
source https://williechiu40.wordpress.com/2017/03/16/the-difficulties-of-security-disclosure-2/