
Hacked Opinions: Vulnerability disclosure - Casey Ellis

Steve Ragan | Aug. 6, 2015
Bugcrowd's Casey Ellis talks about disclosure, bounty programs, and vulnerability marketing with CSO, in the first of a series of topical discussions with industry leaders and experts.

CE: If Wassenaar causes a net negative effect on America's ability to defend itself from cyber threats, I suspect that will become obvious pretty quickly and will be fixed not long afterward. Everything I've read so far tells me that the BIS are a little out of their depth on this one, but the thing is that they seem to be listening to us. The security community have been very vocal about this.

Suppose Wassenaar rolls out in a very negative way. It can be certain that hackers will find a way around it. It's in our nature to find a way to achieve the outcome we want and get the job done. However, I don't think it will come to that. There may be bumps along the way, but I don't see much really changing and it won't kill vulnerability disclosure.

Overall, I think that it will end up with more people being transparent with vulnerabilities that affect the public at scale, which creates a "this is public domain research, not the development of a munition" out clause, thereby preventing the activation of Wassenaar. It's a pretty good example of "hackers will always find a way" and we're seeing people do it now.

