by tremon 1014 days ago
there needs to be consent from the company being probed for vulnerabilities

What is the type of scenario that you have in mind here? Do you mean probing a web service for vulnerabilities, performing security assessments as part of pre-sale publications (think Consumer Reports, AnandTech reviews, etc.), or performing pen-testing on a device I bought that is now running on my home network? Because you appear to be arguing that I shouldn't be allowed to examine a device I own without explicit manufacturer consent.

1 comment

I was speaking towards the internet side of things, where you do not own the infrastructure.

As a related note, I do firmly believe in right to repair, and that if you own something you can do whatever you want with it.

Partial ownership seems to be a thing now. So I think there is a lot of missing framework around managing that properly.

Long story short - I think there is room for manufacturer consent / acknowledgement / notice to be part of the solution, and if it can be part of the solution then it should be. We may need regulation around that; it likely cannot be left solely to the companies' discretion and may even need an aggressive "receipt but no reply by X days is considered consent" clause - but I would like to promote solutions that come with communication between the affected parties.