undefined | Better HN

0 pointsDangitBobby1y ago0 comments

> someone tried to help him, he responded by making threats

My whole point is that he doesn't actually know what the researcher wants, saw it as a threat, and responded to it as if it were a threat.

> You're the first person to ever make any claim remotely close to saying any "researcher" has any kind of power.

Having the entirety of their application database including customer PII, possibly the capability to encrypt the database and extort the company with it, not to mention the possibility of other potentially undisclosed vulnerabilities, decidedly IS significant power over a company. That's how bad actors are able to use any combination of these things to make money.

> Much stronger than the expectations I have for security researchers, I wouldn't want my CEO to respond to them like a petty twat.

I agree whole-heartedly. As for the rest, we more or less agree, you just are putting the onus on the CEO. I also expect more out of a CEO. I just don't think that feedback is actually particularly constructive to the audience here at HN.

0 comments

grayhatter1y ago

> I also expect more out of a CEO. I just don't think that feedback is actually particularly constructive.

Your attempts to put any onus on the researcher are actively harmful. No one should point finger at the researchers trying to help. We should all point fingers at the primary person who's able to prevent bad things happening. You haven't once attempted to put any responsibility on the CEO. This is the first time. You asked in another reply if everyone else is being dense; but you're the one blaming the researcher, did you stop to consider if everyone disagrees with you, that maybe you're the problem?

edit:

> My whole point is that he doesn't actually know what the researcher wants, saw it as a threat, and responded to it as if it were a threat.

Yeah, and doing that was gross negligence. There's a reason you're not allowed waive harms arising from gross negligence.

DangitBobbyOP1y ago

The CEO is not here, and will never, ever be here, so criticism of him is not constructive, further the author already criticized him and so do many comments here. It is plain to see he acted like an idiot, and no one thinks he is the hero here. That's why it's not constructive. Maybe my response is actively harmful, I don't know, that's not what I'm after, of course.

j / k navigate · click thread line to collapse