undefined | Better HN

0 pointsdahwolf2y ago0 comments

Agreed.

I think they should negotiate a security test beforehand. For their own sake but also to get a buy-in. And if a company categorically refuses, you can then publish that, or share that you worry about a lack of track record in known security audits. That's a professional way to hold them accountable.

Breaking into a system unannounced and then stating "do what I say...OR ELSE", is neither legal nor professional. When you're surprised that this will be perceived as an attack instead of being helpful, I don't know what to say.

0 comments

bluepod42y ago

> When you're surprised that this will be perceived as an attack instead of being helpful, I don't know what to say.

Correct. This is why I believe they (or at least some of them) weren’t actually surprised lol.

> If you can’t tell from his wisdom, it was not Cooper’s first time dealing with legal threats.

This is a quote from the post. The author acknowledged that his fellow researcher was experienced with interacting with lawyers for exactly this kind of scenario.

Red flag. Red hat?

j / k navigate · click thread line to collapse