Question

  • #2141570

    Publishing a critical security vulnerability

    Locked

    by francis1620463124 ·


    Assume you find a critical security vulnerability in your software product (through code inspection) and publish a new version which contains the fix.

    What are the next steps you should take? Do you let your customers/evaluators know, do you publish the security vulnerability on particular forums, are there any legal requirements …

    The concern is that hackers might find out about the vulnerability before the users have had an opportunity to update their environment.

All Answers

    • #2412930

      You need to be clear here.

      by rproffitt ·

      In reply to Publishing a critical security vulnerability

      There’s nothing new in your discussion. And legal concerns are taken up with your legal department or counselor (varies with country.)

      Most companies tend to publish the fix, notify customers and that’s it. I did not write “This is the way.”
