Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
RE[7]: Responsible?
by Alfman on Wed 29th Jun 2011 02:23 UTC in reply to "RE[6]: Responsible?"

I'm not saying it's right, but if we're all honest with one another, very few companies will make security a priority until information about insecurity reaches the public.

For companies where security doesn't drive sales, there's little incentive to be secure except to avoid public embarrassment after the fact. Whether we like it or not, going public is an effective way to motivate companies to enhance security *immediately*.

What is the solution for the lack of motivation otherwise?

More liability? I don't like the thought, but we can debate that.

Security regulation? I have doubts about the effectiveness of this.

A legal time frame after which security consultants are allowed to go public? I think this could work in a fair way, but it would never fly.

Let the public decide adequate security? Obviously this can only work if the public are aware of the relative security of competing companies, but it's hopeless if companies themselves don't even know where they stand, or they lie deliberately to customers.


What is the answer?

Score: 3