Henry Dalziel | General Hacking Posts, Hacker Hotshots | January 19, 2013
However – we note with a sense of glee that the Dutch government’s cyber security center has published guidelines to encourage ethical hackers to declare security vulnerabilities in a responsible way. Maybe the rest of the EU will follow this lead?
Pentesters and security researchers do play an important role in securing IT systems by finding vulnerabilities but as is often the case, and one pointed out by the Dutch, is that the same hackers will used social media and their blogs to share their research. Going social with vulnerability discoveries is not really an ideal route because it exposes a security hole before it has been fixed.
The Dutch have a plan to provide vendors with a framework to create their own policies on responsible vulnerability disclosure.
The released guidance does not affect the existing legal framework but it does encourage parties to work together to make IT networks and systems safer for all – this is all according to the NCSC. NCSC is the “Dutch National Cyber Security Centre.”
Its all clearly steps in the right direction – again, the main reason why we wanted to post this was because a couple of our Hacker Hotshot events had questions directly relating to this subject. In summary, vendors need to embrace the hacking community more and work with them in a more amicable fashion when they discover vulnerabilities.