Now People Are Encouraged To Report Security Problems
from the conflicting-advice dept
Okay, now what do we do? Just yesterday we were arguing about a law saying it was illegal to break copy protection schemes, while now CERT is saying that they’re encouraging people to publicize security flaws. They’re going to start reporting all security flaws that they come across (though they’ll give people 45 days to fix them before going public). Obviously, I agree with CERT’s stance, as I think it makes systems stronger in the long run. I just wonder what happens when someone reports to CERT that they’ve broken a copy protection scheme. Do they report it, or do they throw the person in jail?