Vulnerability Disclosure: Revisited – or how SnapChat refuses to learn

Main Author: Stefan Friedli
Other Authors: Marc Ruef
Format: Article
Language: eng
Published: , 2014
Subjects:
Online Access: https://zenodo.org/record/3521266
Table of Contents:
  • Back in 2010, I published an article called The Nine Circles of Responsible Vulnerability Disclosure Hell [1] where I talked about the general problems frequently encountered when trying to point out security flaws in applications and services that are used by a lot of people. Basically, it was a mild rant about the various hoops any security practitioner has to jump through when he discovers a vulnerability, especially if it’s in a public or widespread application. Since then, the earth has kept on spinning and we’re dealing with what are essentially the same issues, but on a new playing field. Android and iOS, being two major mobile operating systems, provide easy access to millions of apps via their respective online stores. Apps have never been such a huge part of everyday life. Apple frequently publishes [2] the most popular apps from various countries, but if you need proof, take a look at your Facebook feed or just get on a train and watch what people are doing on their phones.
  • This paper was written in 2014 as part of a research project at scip AG, Switzerland. It was initially published online at https://www.scip.ch/en/?labs.20140116 and is available in English and German. Providing our clients with innovative research for the information technology of the future is an essential part of our company culture.