He could have asked a friend to apply the exploit. It is a matter of responsibility, because you need proof to support your statements. What would happen if the exploit is not real and he called it out incorrectly?
The author stated that a proof of concept was released. This is a verifiably true fact. Nowhere was it claimed it worked, and in fact that's quite clear by the "unconfirmed" in the title and the "[w]e have not confirmed if this exploit works" in the first paragraph.
Wasn't supposed to be aggressive, just wanted to make sure it's clear I completely disagree with you. Sorry if that came off as aggressive, that certainly wasn't the intention.
Yes! Emphatically yes! Particularly in the security community this has become quite a problem. People will report on stuff and make claims without actually doing the research and it contributes to some very bad practices over time as things which are factually untrue become accepted as fact.
Alternatively, he did try it, and just doesn't want to admit it because there is no Xbox One bug hunting program so he could be charged under the existing computer hacking laws.
It is not about this case in particular, but what often "bugs" me is the fact that there are people discovering exploits in these locked-down devices --- which could open them up significantly --- and actually advocate/report to get them fixed, making them even more locked-down. I understand that some of them are in it for the $$$, but even when there isn't, they still do it. The phrases "digging your own grave" and "locking yourself out" come to mind... it all seems rather Orwellian.
There is an exemption for security research when it comes to violating the DMCA by breaking crypto & also, it would be his device so honestly, no one is going to really care. Even when it was technically illegal to break device encryption I was doing it and reporting vulns to vendors with no issues because it was in good faith. Low risk.
You cannot be charged for hacking something you own under any existing hacking law. In that case it would be an authorized access, so there is no crime.