Disclosing Vulnerabilities is Hard

Since delving into web application penetration testing I have discovered multiple critical vulnerabilities. But then what? The adrenaline still running through my body after realizing I learned something about an app that even the developers don’t know can be exhilarating. And believe me, it feels amazing, but after 10 minutes of self-congratulation and a few failed attempts to explain why I am so excited to my spouse, I realize I forgot to ask the question: what’s next?

From full-on jumping and screaming excitement to ohhhh shiiiiit!!! If I don’t play this right, am I going to jail? For a while there my brain pulls up all the crazy odd fringe cases that landed hackers in jail for what seemed like innocuous testing. The worst part is that feeling of uncertainty and worry. That is the feeling that sticks around for the next few days. I am not saying I did anything wrong in my testing by any means; however, it is easy to worry when I find something high impact.

The funny thing is I don’t have a solution to this problem. The best I can do is tell myself it matters that I am an ethical security researcher trying to make the internet a better, more secure place. I hope that matters as much as I think it should. But the truth is I don’t know.
