by unyttigfjelltol
126 days ago
Contacting the authorities led the company to hire lawyers— for communication with the data protection authority. The lever lawyers have to “make it go away” is “law says so.” They’re not going to beg for mercy, they’re not going to invite you to coffee, no “bug bounty.” From their perspective if they arm-wrestle the researcher into an NDA, they patched the only known breach, retrospectively. Perhaps it’s not prosocial or best practice, but you can clearly see how this went down from the company perspective, with a subject organization that has a tenuous grasp of cyber security concepts.