Google Project Zero: ‘Here’s the secret to flagging up bugs before hackers find them’


Samsung’s utterly confusing vulnerability reporting website has prompted one of Google’s top security researchers to explain how companies should help researchers report bugs and eliminate hackable flaws in products quickly.

Google’s Project Zero bug hunter, Natalie Silvanovich, who Microsoft has recognized as a top 10 researcher in the world, has a few tips for vendors of all types on how to handle reports from security researchers.

It’s one of the many problems white-hat hackers face when investigating and reporting vulnerabilities to companies that frequently sue security researchers for telling them about a flaw, and sometimes even sue security news reporters for telling the public about bugs.

Source: ZDNet