all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How NOT to handle responsible disclosure

Add to bookmarks
Feb. 1, 2022, 3:39 a.m. | /u/damnitdaniel

cybersecurity www.reddit.com

Waaaaay back in 2015, the CSO of Oracle wrote a scathing blog post on vulnerability disclosure. Her message was that security researchers were in violation of the Oracle license agreements if they filed security vulnerabilities back to Oracle. The reasoning was that running binary analysis tools against Oracle products shipped to customers was reverse compilation and breached the TOS. She went on to say that Oracle does all their own scanning and that customers should focus on their own security …

cybersecurity disclosure responsible responsible disclosure

Visit resource

More from www.reddit.com / cybersecurity

Update on previous post “best security practices in gaming development” 5 hours ago | www.reddit.com
can ciso cybersecurity engine +10
Should I be learning Cybersecurity on my primary machine? 15 hours ago | www.reddit.com
accounting auditor cybersecurity free +7
QSA Says we Can't Provide Public WiFi 17 hours ago | www.reddit.com
campus can cybersecurity event +13
Chinese Government Poses 'Bold and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says | … 17 hours ago | www.reddit.com
bureau chinese chinese government critical +10
What is best practice to prevent man in the middle compromising emails? 19 hours ago | www.reddit.com
attack best practice caught cybersecurity +13
High School English Teacher to Cybersecurity Engineer - A How-to Guide 19 hours ago | www.reddit.com
cybersecurity engineer guide high +16
Just me, or is every vendor's website awful. WHAT DO YOU ACTUALLY DO? 21 hours ago | www.reddit.com
article customers cybersecurity edr +17
We have Crowdstrike for our EDR. Can we use it as our primary SIEM? 21 hours ago | www.reddit.com
can cons cost crowdstrike +13
Web API Security Champion: Broken Object Level Authorization (OWASP TOP 10) 22 hours ago | www.reddit.com
api api security authorization broken object level authorization +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands
View on infosec-jobs.com

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
View on infosec-jobs.com

Data Security Architect

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Identity Security Administrator

@ SailPoint | Pune, India
View on infosec-jobs.com
View more jobs