312-50V10 · Question #403
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician resea
The correct answer is D. Notify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.. This question tests knowledge of responsible vulnerability disclosure, a core ethical obligation for IT professionals who discover software bugs.
Question
A computer technician is using a new version of a word processing software package when it is discovered that a special sequence of characters causes the entire computer to crash. The technician researches the bug and discovers that no one else experienced the problem. What is the appropriate next step?
Options
- AIgnore the problem completely and let someone else deal with it.
- BCreate a document that will crash the computer when opened and send it to friends.
- CFind an underground bulletin board and attempt to sell the bug to the highest bidder.
- DNotify the vendor of the bug and do not disclose it until the vendor gets a chance to issue a fix.
How the community answered
(15 responses)- A7% (1)
- B7% (1)
- D87% (13)
Why each option
This question tests knowledge of responsible vulnerability disclosure, a core ethical obligation for IT professionals who discover software bugs.
Ignoring the bug is irresponsible because other users remain at risk and the vendor has no opportunity to issue a fix.
Creating and distributing a document that exploits the bug is malicious and potentially illegal under computer fraud and abuse laws.
Selling a bug to underground markets is illegal and unethical, as it enables criminal exploitation of the vulnerability rather than protecting users.
Responsible disclosure requires notifying the vendor privately and allowing time to develop a patch before any public disclosure. This protects all users from potential exploitation while giving the vendor the opportunity to remediate the issue. It is the industry-standard ethical and professional response when a previously unknown bug is discovered.
Concept tested: Responsible vulnerability disclosure ethics
Source: https://www.cisa.gov/coordinated-vulnerability-disclosure-process
Topics
Community Discussion
No community discussion yet for this question.