by MrDresden 2021 days ago
While I get your sentiment, I must disagree.

Profiting from the very likely unethical use of the exploit would be unethical.

Instead this mishandling by M$ should rather cause researchers to publicly announce the vulnerabilities which would hopefully cause M$ to change their ways in future dealings.

It is of course easy for me to say this, not being a researcher who lives off of the discoveries made.

1 comments

Participating in a system that exploits researchers for free labour using societal guilt-tripping is the unethical move here. That means you.
I see you completely missed my point.

My point is that in the case of M$ the defects could be publicly announced to all parties at once as a way of making M$ realize how bad their handling is/was. In all likelihood this shouldn't have to happen for too long before they would realize their mistake.

Many other corporations do indeed value the discoveries of researchers and do pay accordingly for being notified. Never did I suggest that this should become the industry norm (i.e. not paying for private disclosures).

Now whatever your personal feelings on that idea are, it does not change the fact that selling exploits to other parties would be unethical.

Furthermore, participating in a system that promotes assumptions and flawed reading comprehension is not conducive to a good discourse. That means you.