Title: Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability
Author: Brian Krebs
Published Date: October 14, 2021
So I HAD to find this article. I couldn’t believe my ears when Prof Mackey brought it up. It is the most interesting read. Instead of owning the vulnerability Missouri GOV chooses to blame the reporter for “exploiting” it for publicity. When in reality the reporter found the vulnerability, reported it to the appropriate entity and then held off on publishing the story until the government had the opportunity to remediate the issue. Rather than being thankful, the Governor takes a vindictive stance against the reporter. Key points in this article are the intimidation tactics that the Governor is using. These threats really do hinder future whistleblowers. They prevent good Samaritans from coming forward for fear of being prosecuted.
I hope that as people become more aware of cyber issues they show gratitude when vulnerabilities are disclosed. I believe people react negatively due to their lack of understanding and we must champion security awareness training to address this.