Quote:
Originally Posted by techhelpbb
Now what am I supposed to do to refute your commentary Eric? Show you this works publicly?
Then what? What's going to be the process then, demand I resign as a mentor, or go after the team I helped start?
|
Someone needed to say this (although perhaps a bit less vehemently). There needs to be an official route for security holes that simply does not exist now. I understand that the good folks at FRC have a ton on their plate already, but there is no incentive structure that exists to make sure these types of problems get reported and solved before they cause havoc at the world championships.
This is what I was getting at with my question about institutional knowledge. Either someone at FIRST knew about this hole, and there was an error in communications, or no one found out about this, because there was no reason for someone outside the small FRC team to go an official route.
I think there needs to be an official way to report bugs and to encourage people to report this type of exploit. An official FRC award for work in security, where as part of the submission process there would be a demonstration of the exploit discovered, would help these problems come out officially rather than being used maliciously. Instead of trying to fight "hackers" by ignorance and fear of persecution, give them a reason to strengthen the system, not destroy it.