Security News > 2021 > October > Missouri Governor Doesn’t Understand Responsible Disclosure
The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state's website, and then reported it to the state.
The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state.
No private information was publicly visible, but teacher Social Security numbers were contained in HTML source code of the pages.
The state removed the search tool after being notified of the issue by the Post-Dispatch.
"Putting Social Security numbers within HTML, even if it's 'non-display rendering' HTML, is a stupid thing for the Missouri website to do and is a type of boneheaded mistake that has been around since day one of the Internet. No exploit, hacking or vulnerability is involved here."
In explaining how he hopes the reporter and news organization will be prosecuted, [Gov.] Parson pointed to a state statute defining the crime of tampering with computer data.