undefined | Better HN

0 pointsstreetfighter641mo ago0 comments

Even better, the mechanic writes a blog post about the dangers of non-functioning brakes, but doesn't tell the car owner, because they didn't have a sign advertising their "car issue bounty program".

Seems to be a systemic issue with computer guys feeling entitled to financial compensation for strange reasons. See also, people licensing their software as "open source" and then being mad when people make money off it.

0 comments

3 comments · 1 top-level

stavros1mo ago· 2 in thread

Even better, the mechanic writes a blog post about how the locks on that guy's car don't work, and how anyone could just steal it, but doesn't tell the guy because, after all, the guy wasn't paying him to.

ignoramous1mo ago

Both of y'all confusing individual with corporate.

  The mechanic writes a blog post about how the locks on [a car model] don't work, and how anyone could just steal [cars], but doesn't tell the [car company] because, after all, the [company] wasn't paying him to.

Especially, when the car company spends on 'certifications' (security audits, in this case) and specifically markets it as a differentiator. That said, uncoordinated public disclosures in cybersecurity are bad form, given the well-established existing norms & culture; but at least, let's get analogies right.

streetfighter64OP1mo ago

Obviously there are a hundred variables that differ between the analogy and the actual situation. You changed one that felt important to you (individual/corporation) but there are still 99 that differ. That's what makes it an analogy instead of just being a retelling of the actual situation.

But yes, if you found a general fault in the locks of a certain car model and publicized it without first informing the company and giving them a fair chance to inform the affected customers, people would probably be annoyed with you. Individuals even, not just companies.

"You chose that car that advertises good locks. Guess what, the locks are actually bad and now I'm gonna publish exactly how, to teach the manufacturer a lesson about paying me money".

j / k navigate · click thread line to collapse