As you may have heard, a software company was breached. While Hacking Team was cleaning up the mess, security professionals were raging on Twitter (#IsHackingTeamAwakeYet). The company was publicly shamed on social media for its bad passwords, its worse reaction and its questionable business practices. This was probably the worst Monday ever at HT.
A day has passed and hopefully everyone has cooled down a bit. Let’s take this moment to remind ourselves that we are better than this. Was it really necessary to post random screenshots of private emails from the 400 GB dump, totally out of context? Or to mock HT employees over something they already knew? Or to dump their source code on GitHub?
We in security have dedicated ourselves to making the awesome applications of the developers, the beautiful designs of the UX designers and the non-stop running infrastructure of the sysadmins secure for the end users. So everyday people like moms and kids, grandmothers and whistleblowers, taxi drivers and taxidermists, and uncle Bob (who visits the family once a year) may all have peace of mind.
Responsible disclosure is nothing new. Since the advent of bug bounty programs, security professionals no longer mock vulnerabilities; they report, fix, blog about and study them instead.
“Be responsible when someone else is in trouble”
Respect privacy even if you don’t agree with the victim’s goals. Be constructive and offer help if you can. Learn from their mistakes to improve your own clients’ security posture. Blog about your findings in a constructive manner to give something back to the community.
Security is our passion and this is what we do best. Use this unique set of skills to provide that peace of mind to every uncle Bob out there. Because we’re here to help others, and we’re here to make things secure.