Over nine months ago, a security researcher found vulnerabilities in Panera Bread’s web site. The researcher tried to report the flaws responsibly through the right contacts, got accused of being and scam artist, but eventually got through to someone. Unfortunately, eight months later the company had still not fixed the data leaking flaws. That’s when Brian Krebs got involved, and disclosed the flaws to the public. This incident shows that some vendors still do not take security as seriously as they say, unless they are publicly pressured to do so. Watch the video below for more detail about this InfoSec drama, and what I think it means to responsible disclosure.
Episode Runtime: 6:19
Direct YouTube Link: https://www.youtube.com/watch?v=HGGU8y2L1mw
EPISODE REFERENCES:
- Panera Bread leaks millions of customer records – Krebs on Security
- Original researchers post about the Panera Bread disclosure process – Medium
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply