Hacker News
by rhizome 1563 days ago
I think it is a stretch. What basis would someone use, who knew enough to disclose immediately, to bet their freedom that it was being exploited by others such that they could exploit it without their initial disclosure providing probable cause that he was the exploiter? I can't even think of a movie where that happens, probably because it's impossible to create a suspension of disbelief with the plotline.
3 comments

> think of a movie where that happens, probably because it's impossible

Always reminds me of a CSI (original series) interview with the actor who played Grissom; the writers contacted the police and forensics labs for story ideas but the real life events were so insane that they would feel too fabricated for television.

People are generally greedy and often dumb; maybe they found an open house door, put a little note in the mailbox, slept on it and thought maybe they could get away with a further peek inside if no one closed the door yet (which makes the perpetrator think they didn’t read the note yet)?

On one hand, someone working infosec might also have access to a spare computer running Tails, which they use to sell the exploit to a third-party exploit customer, but only after reporting the exploit to the victim company to cover their tracks regarding liability for things like those IP logs. On the other hand, it's not uncommon for a vulnerability to be detected multiple times by different unrelated people, especially if that vulnerability makes itself known via semi-regular use of the product/service.
Aren't you just proving their point?