I began my day at 4:42am local time, and to me the most American thing (NB it is the 4th of July), is good old fashion hard work. The last several days I have been burdened by yet another slew of Apple product bugs, deficiencies, and gaping securing holes which all started with a discovery that you'll read about here after Apple has been notified and given time to fix.

This is what's called responsible disclosure policy and is critical for ethical hackers/computer security experts (basically the 'good actors') to practice responsible disclosure so that the 'bad actors' can not read a post describing an exploit or proof of concept ('POC') and use that knowledge for evil.

By contrast, those researchers who are eager to receive credit for discovering and, before even attempting to notify the manufacturer/author of the hardware/software, they release a POC or even source code/executable to the public allowing bad actors to act badly.

NB: Responsible Disclosure is NOT the same as:

  • Security by Obscurity
  • Companies such as Apple who will release updates often with no detail other than 'Security Fixes'. This is unacceptable for any customer to accept -- especially for companies who need to know the scope/attack surface to meet regulatory and commercial requirements.

Topics

© 2021 PriVerify Corp. All Rights Reserved.