Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> it's like saying the developer of ransomware shouldn't get in trouble for making it if they just made it public instead of using it themselves

They really shouldn't.

Neither should any other security researcher who publishes exploits.

Neither should any other developer of cryptographic technology.



Big difference between writing a report on a vulnerability and writing malware that exploits it.


is there? what's the difference?


I think there is a difference between identifying an exploit exists and making a tool that makes it easy for anyone to exploit. I think if you are releasing a tool to act on security vulnerabilities it should be done so very carefully so that it can't be easily used to commit crime.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: