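Security Issues - The Obligation to Give Prior Notice

Normally, after a security issue is discovered, the responsible party (the vendor) is notified first by e-mail, and the security issue is made public only once a patch has been provided or the problem has been fixed.

Sometimes, though, you run into a vendor that just can't be bothered with you... In that case, go ahead and give them a kick out in the open XD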

IV. HISTORY
30th Jan, 2006 - Bug originally discovered
2nd Feb, 2006 - Vendor Notified
...
...
No vendor response
...
...
22nd Feb, 2006 - Vendor Notified again
22nd Feb, 2006 - Public Disclosure

See: Gmail Security Flaw Fixed
