ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




Posted: Tue Aug 05, 2014 12:00 pm
Site Admin
Yeah, not recent news (21 July 2014), but it's interesting for discussion.

Basically the community of developers who work with Steam and Steamworks was angry with Valve because their security support was ... very bad :)

Lack of information, no support, there was even a case in which a developer was banned after having reported an issue, so the situation was (is?) tragic and shameful:
http://steamdb.info/blog/47/

It's important to note that people who are not in the security scene may have some problems with both the reporting and the evaluation of the reports, because they are not used to communicating as expected. So a good bug in a wrong report may cause a wrong response. Moreover, with games it's easy to get confused, so it may be a fault of Valve, or maybe not, or maybe a partial fault.

Personally, I have no complaints regarding their response (in terms of time and details) to my bug reports.

In response to that letter, and by coincidence after two of my reports (one of which was not reported to them before the release), Valve decided to open a web page with a PGP key and information about how to report Steam-related security issues:
http://www.valvesoftware.com/security

No bug bounty, so all you will get is a "thanks" and your name in the changelog or in the hall-of-fame, just like it happened many years ago, before all the big social networks started to introduce bug bounties.

I reported, report and will report to Valve the security issues affecting "some" parts of Steam because I'm paid to do that.

For stuff that is not covered by my job I will continue with full-disclosure as I usually do, so without contacting the vendor before the public release.

