The SiliconRepublic.com ran a story on Friday that highlighted a security defect on the Department of Agriculture’s website. Apparently the reported vulnerability enables anyone to browse details of any farmer who has received money from the EU Common Agriculture Policy payments scheme.
The article claims that the Department of Agriculture were not aware of the security hole and according to this report they do not believe this is a security breach. This seems to indicate that the person who found the problem did not notify the department directly but instead chose to go to the press with the details. It seems a strange motive as the person has also asked to remain anonymous, so the motive for such a move may not have been to seek their 15 minutes of fame.
Irrespective of the motive I would hope that those in the Information Security profession here in Ireland would have the proper ethical training and raised the issue with the Department first rather than go to press with the details. This also begs the question how many people who claim to be Information Security professionals here in Ireland actually are aware of the ethical standards associated with our profession?