Science Addiction

A dormant blog by Devanshu Mehta

“Grey Hat” Guide: To Disclose or Not to Disclose

Jennifer Granick, Civil Liberties Director at the Electronic Frontier Foundation, is putting together a “Grey Hat” guide for security researchers. The problem, says Granick, is that the law has been a real obstacle to solving vulnerabilities.

The muddy nature of the laws that regulate computers and code, coupled with a series of abusive lawsuits, gives researchers real reason to worry that they might be sued if they publish their research or go straight to the affected vendor. By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied.

The guide seems to be a work in progress, and Granick has solicited constructive feedback.

Change Watch: Say No to YouTube, Mr. President

Chris Soghoian makes an excellent case against using YouTube as the default for the President-elect’s weekly addresses. He touches on many issues, including the privacy of the viewers from Google, the free Obama-endorsed publicity for YouTube, the embrace of a closed format, and so forth.