by kbenson 4576 days ago
I think that oversimplifies the problem. I think a scope helps keep overeager researchers from doing things that result in legal problems for the company. For example, are laws that require notification of data breaches and personal identification triggered in certain cases? This isn't an academic setting, these are real businesses.

I think the best of both worlds would be very wide scopes with targeted limitations. Don't log into user accounts or company accounts at other services, but here are a few sample user accounts that are fair game, and if it's an external service, here's a rep to vet whether the credentials you gathered are correct or not.