This does not protect companies. Openness is the route to computer security. Security through obscurity is a sham.
Anti-hacking laws ‘can hobble net security’
Good Samaritans discouraged by threat of prosecution
By Robert Lemos, SecurityFocus
Published Monday 18th June 2007 09:52 GMT
Mobile computing: Opportunities and risk – Free whitepaperJeremiah Grossman has long stopped looking for vulnerabilities in specific websites, and even if he suspects a site to have a critical flaw that could be compromised by an attacker, he’s decided to keep quiet.
The silence weighs heavily on the web security researcher. While ideally he would like to find flaws, and help companies eliminate them, the act of discovering a vulnerability in any site on the internet almost always entails gaining unauthorised access to someone else’s server – a crime that prosecutors have been all too willing to pursue.
“I have long since curtailed my research,” said Grossman, who serves as the chief technology officer for website security firm WhiteHat Security. “Any web security researcher that has been around long enough will notice vulnerabilities without doing anything. When that happens, I don’t tell anyone, rather than risk reputational damage to myself and my company.”
…