|
|
|
|
|
|
by lambda
4305 days ago
|
|
|
Because most people aren't in it for "fame and recognition" or "vanity"? If I find a bug in a piece of software, or something misconfigured, I tend to report it and move on. I don't try to hide my identity before reporting it. A security vulnerability is just a bug or misconfiguration, that happens to be exploitable for nefarious purposes. The responsible thing to do is to notify those responsible, and anonymity doesn't help with that; they may need to follow up to ask questions to find out more details about it. While there are some people in the security community who are prima donnas, who try to hype them selves and their exploits to gain recognition, this case does not appear to have anything to do with that. This is someone who sent a private email to those responsible, and then started seeing articles online and getting complaints emailed to his college about irresponsible hacking of other institutions websites in front of students. |
|
|