
About the Initiative
Libertalia is a cybersecurity firm, and our team of security researchers often discovers security flaws in organizations by which Libertalia is not currently employed. When a security flaw is found on a company’s system, it needs to be transferred into the right hands quickly. This is the only way to ensure it will be resolved safely without public harm. To aid in this process, Libertalia introduced the Good Samaritan Initiative (GSI) to report security flaws directly to affected organizations for resolution.
Many organizations do not have a well-defined means of receiving vulnerability reports from external researchers. In these situations, Libertalia verifies the legitimacy of the security flaw found by our researcher, reaches out to the affected organization, and then shares a detailed encrypted report of the security flaw with the appropriate personnel within the organization to resolve the issue swiftly.
Typically, it is risky for security researchers to report security flaws to organizations that lack formal policies. Will they receive a warm welcome, a cold shoulder, a punitive lawsuit, or a visit from law enforcement? Unfortunately, this uncertainty intensifies a chilling effect that causes security flaws to go unreported and organizations to remain at risk.
In the physical world, “If you see something, say something” is a core tenet of any safe community. The same should be true online, yet far too often good samaritans are pressured to “say nothing.” Encouraging strong relationships between organizations and security researchers is key to creating a safer Internet for all. Libertalia’s Good Samaritan Initiative (GSI) aims to reduce the risk for our researchers and help affected organizations quickly.
Did you receive a message from us?
You likely received an email from our executive team about a security flaw or vulnerability discovered within your organization. We know this may initially seem worrisome or alarming, but rest assured, our intention is only to help. The email asks you to identify the proper individual within your organization to whom we should submit the details of the vulnerability discovered. Because of safety concerns, we cannot simply send the details of the security flaw we identified until someone from your organization acknowledges our request and points us to the appropriate personnel to receive the information. It would be unwise for us to send the details without knowing the issue would be investigated and dealt with appropriately.
Were your systems hacked?
No, absolutely not. Please rest assured your organization’s networks, computers, and servers were not hacked or illegally accessed in discovering the security flaw we are attempting to report to your organization. All of our researchers are highly reputable, background-checked, and held to a high ethical standard. They never conduct illegal activities when identifying vulnerabilities. That said, the flaw we identified needs to be addressed to keep a malicious attacker from exploiting the same problem.
Still have more questions?
We would be happy to talk with you and answer any additional questions you may have. Please feel free to reach out to our offices.