undefined | Better HN

0 pointsjampekka2y ago0 comments

Why should you be honest and open with companies? They for sure aren't with you.

0 comments

3 comments · 1 top-level

busterarm2y ago· 2 in thread

It's not about companies. It's about their customers.

Do you even know what Full Disclosure is?

Why should the researchers or other vulnerability spotters care about the company's customers? The companies don't care further than what they can profit from the customers.

Yes, I know what full disclosure is. Companies don't do full disclosure about anything. Full disclosure is better than not disclosing publicly. But monetizing the vulnerability is akin to what companies do.

I find it utterly bizarre that it's totally OK and even lauded that companies are selfish profit maximizing machines that DGAF, but individuals should pamper them like babies.

busterarm2y ago

Full disclosure isn't something for _companies_ to do. It's what _researchers_ do. Full disclosure isn't compatible with the monetization incentives offered by companies. You're publishing in public and immediately.

I think you clearly do not understand what full disclosure is.

1 more reply

j / k navigate · click thread line to collapse