Missouri Governor Doesn’t Understand Responsible Disclosure
The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state’s website, and then reported it to the state.
The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state.
[…]
According to the Post-Dispatch, one of its reporters discovered the flaw in a web application allowing the public to search teacher certifications and credentials. No private information was publicly visible, but teacher Social Security numbers were contained in HTML source code of the pages…
Continue reading Missouri Governor Doesn’t Understand Responsible Disclosure