by hifromwork
742 days ago
Agreed. On the other hand, there should be legal repercussions if the vulnerability was found exploited in the wild (in Europe this is partially handled by GDPR, but AFAIK only if it can be shown that personal data is affected - not a lawyer obviously). This aligns incentives nicely:

* Company creates a responsible disclosure program, users/researchers report problems for money/blog post fame, users are secure. Also the security team becomes more important, because vulnerabilities cost (more) actual money.
* Or the company doesn't create a responsible disclosure program, someone exploits the bug in the wild, users are angry and the company is fined.