Precautions to be taken by a Gray Hat hacker

It is now common for researchers to report flaws in a product or website to its vendor. These researchers are termed “Gray Hats”. However, care should be taken, because informing a vendor about a flaw can lead to legal consequences, a price the hacker may have to pay for doing good. An article gives brief guidelines that a researcher can follow when reporting a bug to the vendor.
A researcher may have violated the law in the course of finding the flaw. Hence he may face legal action (mostly from vendors who panic a lot). In such cases he should take proper care before contacting the vendor. He must note the following:
- Computer Fraud and Abuse Act
- Anti-Circumvention Provisions of the DMCA
- Copyright law
- Other state and international laws
The article recommends consulting an attorney before doing any risky research, which can help you avoid common legal traps. The researcher finds himself caught up in all the legalities even though he is researching the bug for the good of the vendor. He may also try to report the bug indirectly by passing the details on to an intermediary. Care should be taken that this person is trustworthy; otherwise we all know what the consequences can be.
If the flaw is risky, the researcher may opt to remain anonymous and hidden. He can also rediscover the flaw in a non-risky way, which will prevent him from falling into a legal trap.
The article ends with:
Whatever course the researcher takes, she is exposing herself in the interest of bettering security for the public. A more comprehensive solution would be to more narrowly draw and more clearly set forth our computer offense laws. The goal is to leave breathing room for legitimate security research and give the researchers that help protect our digital property and privacy clear guidelines for their scientific and innovative activities. It is far better to allow security research to flourish in an atmosphere of light regulation, than to try to punish criminal attacks after they happen with draconian and confusing laws. In the meantime, however, security improvements will sometimes depend on the willingness of researchers to accept the risk of being sued.
