[arghwhat]

There are no crimes where it is reasonable to be lenient to a first-time offender. It's a matter of intent: Lenience is given to accidents (usually still only the first occurrence), which may or may not have caused a crime.

What they did was to silence a security researcher, produce marketing material with falsehoods, and as a result ultimately damage their customers by allowing a security vulnerability to remain present, and not raise alarms afterwards that customers need to ensure that they were not exploited. They actively decided that harming their customers was okay if it allowed them to avoid attention.

This is not an accident, but an intentionally committed crime. No lenience is warranted.

[a1369209993]

Technically there are plenty of crimes where it is not only reasonable but morally obligatory to be lenient to a first-time offender. Like copyright infringement or sodomy. But in those cases it's also obligatory to be lenient to a second-/third-/etc-time offender, because the law criminalizing them is unjust. Similarly, I strongly suspect that the law unjustly fails to criminalize Slack's negligent disregard for their users security in this case.

I agree that, crime or not, it was intentionally committed, and does not warrant lenience, though.