What to do if you find a security problem in your browser

Do you want to research and uncover browser security holes? Great! Go ahead, the web will be a better and safer place because of your efforts. And trust me, there are problems waiting to be discovered…

However, there are some unwritten rules of security research that are worth keeping in mind. The most important of them is to contact the product vendor before publishing the problem anywhere, and to wait for their response.

Why is this so important?

Well, first and foremost, it may prevent malicious coders from learning about an exploit before the vendor has a patch that will protect the users.

Secondly, it will boost your status as a security researcher. Browser vendors – be it Opera, Mozilla or Microsoft – appreciate your help in finding security problems. They will acknowledge your help in their security advisories if you approach them about a problem and don't make it public until a fix is available. That in turn gives you name recognition and professional attention.

Finally, waiting for the vendor's response will also let you confirm that what you found actually is a security problem. Many problems and bugs are not security issues. If it isn't a security problem and you have made it public, you have just demonstrated that you are not a professional researcher, and you end up looking silly in public. Don't.


