In the day and age where applications are constantly surveyed and found to have bugs, the communication behind reporting them has stirred much controversy. This is especially true in eyes of security researchers. Many firms have done a poor job listening to the individuals who notify them of bugs. This leads not only to frustration, but also leaves it up to the security researchers to decide if and when to release this information publicly.
If the vendors won’t acknowledge the researchers findings, how else will the researchers ensure that an action towards improvement will be taken towards the fix? Although security enthusiasts are often justified in their dissatisfaction at being in this position, Paco Hope, Principal Consultant at Cigital, gives his opinion on the larger difficulties releasing these details can cause for the companies involved and the bugs being fixed properly.
To learn more about the challenges researchers and organizations face when it comes to bug reporting read Paco’s article on Tech Republic.