Disclosing Software Vulnerabilities: An Ethical Perspective

1.0UNI FRhttps://www.uni.lu/frUNI FRhttps://www.uni.lu/frDisclosing Software Vulnerabilities: An Ethical Perspectiverich600338<blockquote class="wp-embedded-content" data-secret="dHrHzo8o9K"><a href="https://www.uni.lu/fr/news/disclosing-software-vulnerabilities-an-ethical-perspective/">Disclosing Software Vulnerabilities: An Ethical Perspective</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.uni.lu/fr/news/disclosing-software-vulnerabilities-an-ethical-perspective/embed/#?secret=dHrHzo8o9K" width="600" height="338" title="« Disclosing Software Vulnerabilities: An Ethical Perspective » — UNI FR" data-secret="dHrHzo8o9K" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script> /*! This file is auto-generated */ !function(c,d){"use strict";var e=!1,o=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp||{},c.wp.receiveEmbedMessage);else if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(!t);else if(!(t.secret||t.message||t.value));else if(/[^a-zA-Z0-9]/.test(t.secret));else{for(var r,s,a,i=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),l=0;l<n.length;l++)n[l].style.display="none";for(l=0;l<i.length;l++)if(r=i[l],e.source!==r.contentWindow);else{if(r.removeAttribute("style"),"height"===t.message){if(1e3<(s=parseInt(t.value,10)))s=1e3;else if(~~s<200)s=200;r.height=s}if("link"===t.message)if(s=d.createElement("a"),a=d.createElement("a"),s.href=r.getAttribute("src"),a.href=t.value,!o.test(a.protocol));else if(a.host===s.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(o);else{o=!0;for(var e,t,r,s=-1!==navigator.appVersion.indexOf("MSIE 10"),a=!!navigator.userAgent.match(/Trident.*rv:11\./),i=d.querySelectorAll("iframe.wp-embedded-content"),n=0;n<i.length;n++){if(!(r=(t=i[n]).getAttribute("data-secret")))r=Math.random().toString(36).substr(2,10),t.src+="#?secret="+r,t.setAttribute("data-secret",r);if(s||a)(e=t.cloneNode(!0)).removeAttribute("security"),t.parentNode.replaceChild(e,t);t.contentWindow.postMessage({message:"ready",secret:r},"*")}}}}(window,document); </script> Naturally, we want our software and the services that we use to be secure, and this often requires discovering vulnerabilities and taking actions to fix them. But what is the right way to disclose vulnerabilities to vendors and the public? https://www.uni.lu/wp-content/uploads/sites/11/2022/10/disclosing_software_vulnerabilities_an_ethical_perspective.jpg800600