I write this article in the wake of revelations about how university students were treated after reporting a security vulnerability to a popular local app. In my current role as head of the Department of Computer Science at the University of Malta, I have been aware of this case for a few months. There is plenty about the details of the case which angers and saddens me, but I am unable to comment on specifics due to ongoing investigations. Nevertheless, the fact that teenagers reporting a vulnerability are facing criminal investigation, having equipment seized, studies affected, being strip-searched, and held in a cell with other potentially violent criminals indicates to me that, at the very least, we have a severe lack of knowledge across camps in the country; knowledge which is essential to help Malta navigate the perils of the online world going forward.

Firstly, the people reporting the problem need to be aware that the company may not have the same knowledge about cybersecurity practices that they do. The mere mention of a security breach is enough to set alarm bells ringing, let alone bug bounties and the establishment of a deadline. Similar to the way a doctor needs...