TE
TechEcho
Home24h TopNewestBestAskShowJobs
GitHubTwitter
Home

TechEcho

A tech news platform built with Next.js, providing global tech news and discussions.

GitHubTwitter

Home

HomeNewestBestAskShowJobs

Resources

HackerNews APIOriginal HackerNewsNext.js

© 2025 TechEcho. All rights reserved.

Ask HN: What are the rules on publishing exploits?

1 pointsby ParkerKalmost 13 years ago
I've always wondered, what are the rules (ethic wise and legally) on publishing exploits you find? Lets say you find a way to circumnavigate security features on an app; or find an oversight on a websites part where it doesn't verify user input.<p>I've seen people publish exploits anonymously, and on the other hand I've read stories of people like Cody Brocious [1] or Alexey Borodin [2] publicly explaining their exploits. On the other hand Billy Hoffman [3] got a gag order when he tried to reveal his work. Does the type of exploit matter? Are there protections on hackers publishing research? Why is it that people aren't arrested en masse at Defon?<p>[1]: http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/<p>[2]: http://www.forbes.com/sites/adriankingsleyhughes/2012/07/21/ios-in-app-purchase-hack-extended-to-include-mac-app-store-apps/<p>[3]: http://en.wikipedia.org/wiki/Billy_Hoffman

1 comment

lawnchair_larryalmost 13 years ago
There are none. Some believe in "Coordinated Disclosure", some believe in "Full Disclosure", some in "Non-Disclosure". The disclosure debate is many decades old. See: <a href="https://en.wikipedia.org/wiki/Full_disclosure" rel="nofollow">https://en.wikipedia.org/wiki/Full_disclosure</a><p>Admittedly, this article is poorly written, but I think it gets the main points across.<p>Disclosing information is not illegal, but that doesn't always stop lawyers from being hostile towards researchers. Attempts to do that usually end up backfiring horribly, but they can temporarily ruin a researcher's day/week/month.
评论 #4378289 未加载