Puzzle for January 23, 2006
You discover a security flaw in the operating system on your company's
computer. The flaw enables any user to read any other user's files,
regardless of their protection. You have several choices: you can keep
quiet and hope no-one else discovers the flaw, or tell the company,
or tell the system vendor, or announce it on the Internet.
1. Suppose an exploitation of the vulnerability could be
prevented by proper system configuration.
Which of the above courses of action would you take, and why?
2. If an exploitation of the vulnerability could be detected
(but not prevented) by system administrators, how would this change
your answer to question 1?
3. Now suppose no exploitation of the vulnerability can be
detected or prevented. Would this change your answer, and if so, how?
Version of January 23, 2006 at 7:20 AM