RESPONSIBLE DISCLOSURE

Security researchers know the value of performing vulnerability testing and research against hardware and software; however, the manufacturers of that hardware and software may not.  Ignorance – even if intentional – is more important to them. They like to hide behind things like Terms of Use, License Agreements, or Acceptable Use policies in an attempt to prohibit and punish researchers.  RobbLAW understands that this type of research needs to be done because not all manufacturers are willing to conduct it themselves.  These manufacturers reframe the question of “what is in the best interest of society” as “what is in the best interest of the manufacturer?”

When a researcher discovers a new vulnerability, they could publish their findings.  They could also notify the manufacturer and hope to be heard. On the other hand, the manufacturer could file a lawsuit against the researcher to silence him or her or contact the FBI to file a criminal complaint against the researcher.  That could lead to jail time.

This is where Responsible Disclosure comes in.  Responsible Disclosure is an Information Security term for disclosing a newly discovered vulnerability to the manufacturer and allowing them a specific amount of time to patch or remediate the vulnerability before the researcher publishes his or her findings.  This allows the manufacturer time to conduct their own testing and develop a remediation plan while still allowing the researcher to claim the credit for discovering the vulnerability. Even with Responsible Disclosure, the researcher is putting himself or herself at risk by contacting the manufacturer directly because the manufacturer could turn around and press charges against the researcher.  That is why having an attorney make the disclosure on your behalf is important. An attorney can provide the manufacturer with all the information and testing results without being forced to reveal the researcher’s identity. RobbLAW is ready to help.

 

As with any Attorney-Client relationship, once you have hired RobbLAW as your attorney, anything you share with our staff will be kept strictly confidential under Attorney-Client Privilege.

© 2020 Law Offices of RobbLAW.
