FOR NYAMAIMULE ONLY PLEASE DONT TEXT ( Responsible Disclosure)

Case Study 8 — Responsible Disclosure 

 

Resources:

Flawed USC admissions site allowed access to applicant data

Man charged with accessing USC student data

Reporting Vulnerabilities is for the Brave

Spot a Bug, Go to Jail

Black Hat Organizer Unbowed

sla.ckers.org

New Siemens SCADA Vulnerabilities Kept Secret

 

There is an ongoing debate about Responsible Disclosure. Is it ethical (or legal) to report a vulnerability in a computer system or website? If a “White Hat Hacker” reports a vulnerability to the owner of the website, he might get in trouble. Read Breach case could curtail Web flaw finders <Alternate link>(note that you must read all three linked pages–the alt link has them all together) and answer the following questions:

1. Eric McCarty found a flaw in the USC website. What danger did this vulnerability pose, and to whom?
2. Was McCarty’s action malicious? Did it cause harm to USC?
3. Discovering the vulnerability was not itself illegal. What did McCarty do that was illegal? Why did he do it? Be specific.
4. A conviction in this case would likely discourage other security researchers from reporting security vulnerabilities to websites. How could this effect affect the security of the Web? Explain. (4 points)

Mrs. Roberts‘ SQL injection exploit…

 

I need two different work 500 words each.