undefined | Better HN

0 pointswaihtis2y ago0 comments

> (a) There's no such thing as "ethical hacking"

Weird stance. Sure, you may disagree on the limitations of scope of various ethical hacking programs (bug bounties and such) but they consistently highlight some very serious flaws in all kinds of hardware and software.

Going out of scope (hacking a company with no program in place) is always a gamble and you’re betting on the leniency of the target. Probably not worth it unless you like to live dangerously.

0 comments

kasey_junk2y ago

His point is that the way the term is used, to protect vendors, has nothing to do with ethics.

If a researcher found a serious vuln, the ethical thing may very well be to document it publicly without coordination with the vendor, especially if such coordination hurts users.

j / k navigate · click thread line to collapse

0 pointswaihtis2y ago0 comments

> (a) There's no such thing as "ethical hacking"

Going out of scope (hacking a company with no program in place) is always a gamble and you’re betting on the leniency of the target. Probably not worth it unless you like to live dangerously.

0 comments

kasey_junk2y ago

His point is that the way the term is used, to protect vendors, has nothing to do with ethics.

If a researcher found a serious vuln, the ethical thing may very well be to document it publicly without coordination with the vendor, especially if such coordination hurts users.

j / k navigate · click thread line to collapse