|
|
|
|
|
|
by downandout
3351 days ago
|
|
|
I believe that responsible disclosure is a courtesy to the vendor and its customers. Afaik, there is nothing in the law that requires it. Exploiting vulnerabilities like the one you are discussing here yourself certainly would be illegal, and you could possibly be implicated in a conspiracy if you disclosed the vulnerability solely to one person or group that you knew would exploit it (so "I told my Russian hacker friend about this..let's short the stock before he nails them with it!" would probably be a conspiracy case, whereas a press release or HN posting would not be). But general public disclosure of a vulnerability, and/or trading on the anticipated effects of public disclosure, is not illegal. It likely won't win you friends in the IT community, but it falls short of an indictable offense. |
|
|