Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Thread beginning with comment 479019
RE: Responsible?
by Bill Shooter of Bul on Wed 29th Jun 2011 05:55 UTC in reply to "Responsible?"
Member since: 2006-07-14

A thousand times: YES. Time and time again, companies have shown they will not fix security issues unless they are disclosed or threatened to be exposed. Security researchers are not the only ones that look for exploits. In fact, most exploits are found after they have been exploited (without any public disclosure by a security researcher). The public disclosure ensures that all stakeholders have a better idea of the risks and can make better business decisions based on that; i.e., rewarding companies with good security and punishing those without good security.

I know I've posted this a few times here already, but since the same conversation keeps coming up, here it is again:

http://www.schneier.com/blog/archives/2007/01/debating_full_d.html

Edited 2011-06-29 05:57 UTC

Score: 3