OM: keep a log file when ethical hacking

Oct 18, 2018

The Public Prosecution Service advises people who look for leaks in systems to keep a log file. In this way they can demonstrate that they comply with requirements for responsible disclosure and, if necessary, avoid criminal prosecution.

The Public Prosecution Service sets out what can and cannot be done in the search for bugs, leaks and other vulnerabilities in ICT systems. In doing so, the Public Prosecution Service points out that targeted searching is not permitted unless the owner of the system has explicitly given permission.

Those who look for leaks on their own initiative need not expect legal action if the systems belong to organizations that have a policy for coordinated vulnerability disclosure or responsible disclosure, and if the hacker adheres to the conditions of that policy. The ethical hacker must then be able to demonstrate this. “It is therefore useful to keep track of all your steps in a log file”, according to the Public Prosecution Service.

Publication of vulnerabilities always takes place in consultation with the organization, and if nothing is heard from an organization for a while after a report, the hacker can contact the NCSC if necessary, the Public Prosecution Service continues. In addition, a disclosure cannot be dependent on a reward: “So even if you do not get money you have to respect the confidentiality.”

The page was drawn up after a case in which an IT officer was prosecuted for computer intrusion after finding a leak in the site of the Central Bureau for Genealogy. An appeal to ethical hacking did not succeed, partly because the man did not act proportionally. The judge ultimately did not impose a penalty.
