iCloud hacker would have warned apple had it provided a bug bounty (forbes.com)
12 points by pender 4312 days ago
4 comments

> Yet ethical hackers looking to make a name for themselves would probably be far more willing to responsibly disclose vulnerabilities if money was on the table.

Here's a simple rule of thumb: if you only responsibly report vulnerabilities when they're going to pay you, and otherwise you just publish them to GitHub for everyone to use, you're not an ethical hacker.

Troshichev frames it like 'it's not my fault I posted this exploit to the internet, there was no bounty in place to prevent it!' He could well have reported it to their security teams and been happy with having contributed to the world, but instead he not only discussed the bug publicly, but published a tool allowing people to easily exploit it.

There is no point of view here where Troshichev is any sort of ethical 'good guy'. This is extortion, a thug saying 'Oh, that's really too bad about your windshield. If only there was some way you could pay someone to keep this from happening again. Who knows how bad it could be next time.'

First of all, Forbes reporting on hacking needs to be taken with a grain of salt. Second, "would have" and "should have" are easy to say after the fact.

In other news, burglars say they would invade homes and take stuff if they were paid not to.

I thought Apple discovered it was a social hack, not a technical one... Or is this just PR?

If that script was used, then Apple had a security flaw which allowed a very simple attack.

The article mentions ethical hackers and researchers. This guy posted an unpatched vulnerability to GitHub. Even without a bug bounty program he could have submitted a report, waited for a patch, and then written it up for some PR. Instead Forbes gives him credibility he doesn't deserve.

The US legal term for hacking is: "intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage"

Apple is misleading the public because if I brute force anything then I go to jail. iCloud accounts were 'hacked' due to bad security implementations.