by juujian 282 days ago
I would argue that it is an ethical thing to do so if it sends a signal to pay whitehats appropriately.

Who is getting that signal?

Burger King is almost certainly going to experience no damage from this.

Their takeaway will likely be entirely non-existent. They’ll fix these bugs, they’ll probably implement zero changes to their internal practices, nor will they suddenly decide to spin up a bug bounty.

The signal is for the hats. Black hats may be more likely to attack. White hats will find better things to do. Some might even swap hats.

You’ve described a totally different “signal” than the comment I replied to.

I guess I should have made it clearer by making the implicit explicit:

“The signal isn’t to pay white hats more, instead…”

And perhaps an addendum such as:

“…which will then, indirectly and in the long run, create the signal you were replying to.”

Ah. I don’t have much optimism that companies like Burger King will ever get that 2nd signal (mostly because I don’t think the average consumer-facing business suffers much impact from this kind of incident), but I agree with your premise.

Appreciate your clarification despite the bluntness of my reply.

And I appreciate your reply. It fixes the tone in our little thread and refocuses it on the topic. Thank you.

Also, you’re probably right, the signal will likely pass right over Burger King’s crown.

Yeah, the signal is not exclusively to Burger King.