[notarobot123]

Just to play devil's advocate, couldn't sending zero-day exploits to a foreign nation's intelligence service potentially cause the sender significantly more trouble.

[wongarsu]

Finland is a NATO country, so for most people on this site you would be sending it to a government agency of an allied nation. Punishing that would make it look like you don't trust your allies

The other angle is that you are obviously doing it in good faith, on the assumption that they will try to work with the vendor to fix and responsibly disclose the vulnerability

[johnbarron]

It depends on the country apparently:

"Israel reached out to US hackers for ‘Zero Days’ tools" - https://www.timesofisrael.com/israel-reached-out-to-us-hacke...

[paulryanrogers]

Because... your home country or affected company could consider it espionage? Sounds like a stretch.

[reaperducer]

Just to play devil's advocate

Why?

[bauldursdev]

Because information asymmetry benefits those with the information. If the devil understands your argument, and you don't understand the devil's argument, the devil will have information advantage.

[reaperducer]

Not everything in life deserves to have both sides aired.

For example, the Internet giving every crackpot wingnut on Earth an equal voice with scientists is how we end up with measles outbreaks.

[0xDEFACED]

it's a good question