What do you think should be the modus operandi for an ethical hacker while dealing with a new exploit. To put it more clearly and in simple terms, say for example, an ethical hacker come across a new exploit while working. Now the first step that he will be initiating is to protect his systems from the subject exploit. What are the other steps that a ethical hacker is supposed to do? Does any of the certification body talk about these issues? Is he supposed to inform anybody or can he submit a work report on the exploit to any of the certification body?
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor
[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n