“Reporting a vulnerability to CERT-In does not imply being exempt from compliance. Discloser shall be responsible for any action performed by her/him discovering the vulnerability whatsoever,” the Indian Computer Emergency Response Team (CERT-In) said in its new Responsible Vulnerability Disclosure and Coordination Policy.

This essentially means that cyber researchers and ethical hackers who report vulnerabilities of websites or systems may be liable to prosecution and must comply with the relevant laws such as the IT Act 2000 and 2008 (amendment).

Until now, there was a shortcoming in the availability of information regarding current vulnerability disclosure programmes and processes of Indian government entities. As a Centre for Internet and Society research study stated, there are “several sections and provisions within the IT Act 2000 which have the potential to disincentivise legitimate security research, even if the same has been carried out in good faith”. Thus, it was imperative for the Indian government to come out with a vulnerability disclosure policy that encourages such research, rather than the current policy, which, many feel, is detrimental to the effort. For instance, many netizens termed this move as “shooting the messenger”.

https://twitter.com/BharatVarma3/status/1433657123943030790
https://twitter.com/digitaldutta/status/1433649956506591242

Other details of the vulnerability policy

Details expected for CERT-In to look into claims of vulnerability:

- The product(s) affected
- The exact software version or model affected
- Vendor details
- Description of the vulnerability along with concise steps to reproduce the reported vulnerability along with supporting evidence such as:
  - Proof of concept (PoC)
  - Code sample
  - Crash reports
  - Screenshots and Video recording…
News
CERT-In has a new vulnerability disclosure policy that doesn’t spare the messenger
The policy introduced by India’s first responder to cyber attacks could put researchers and ethical hackers in harm’s way.