Great, thanks for the tip. I'd hesitate assuming what country people live in :) Seems we all have something to learn from each other.

LOL. Sure there's no "monoculture" but there's certainly US culture and it's all about money and "screw you got mine" mindset.

It's OK for the country to have a pervasive culture yet not every resident or citizen of the country to be a part of that culture, or even actively work against it. If you're not one of them matching that description, it shouldn't be insulting, as it's not about you in the first place.

Maybe not everything is aimed towards you, especially if you don't feel like the description actually matches you :)

I'm American. It's the pervasive culture. The brush doesn't need to be narrower.

Every time someone makes a cultural comment here, the reply is always "America is a big country". America can be a big country and still have common cultural elements. It's not inaccurate to say that citizens of a large country mostly share some common characteristics. Those characteristics are what makes them one country.

I think the "others" should open their eyes to the world around them, then.

You are a person and they are a company. Please make sure to differentiate the two entity types when drawing parallels.

That is legally allowed as part of studies, to which a patient must agree after being proposed. Otherwise, it is illegal.

> If I doctor performed a cancer screening on me, for free and without me asking

But that would never happen, so the point is moot.

Even better, the mechanic writes a blog post about the dangers of non-functioning brakes, but doesn't tell the car owner, because they didn't have a sign advertising their "car issue bounty program".

Seems to be a systemic issue with computer guys feeling entitled to financial compensation for strange reasons. See also, people licensing their software as "open source" and then being mad when people make money off it.

I tried watching that but X either broke their video controls or disabled them so I can’t skip ahead and the first couple minutes are _slow_.

The whole bug bounty thing is a mess, admittedly, but lacking a bug bounty program entirely feels like immediately losing the moral high ground on “you should have told us first”. There’s a lively debate about what bugs are worth, but it’s objectively not $0 for many classes because a botnet developer will buy them for some amount.

Personally, a big part of my view is formed by the educated assumption that security practices will never improve unless poor security becomes a liability. That’s unlikely to happen with “responsible disclosure” because it gets swept under a rug. Immediate public disclosure changes that risk calculus a lot. I think wed see a lot more downward pressure from vendors to their suppliers if $RandomSaaS had to worry about losing their pants because Oracle had a vuln published.

If you create a 3rd party app to some closed source insecure back end, thats on you for trusting them or not doing your due diligence.

Time and time again private companies have rug pulled things like api access for 3rd party apps (such as twitter/X). Building 3rd party clients for private systems should already be approached with heavy scepticism and always be prepared for the worst.