|
|
Warp wrote:
> No good deed goes unpunished. (Although this is certainly not the worst
> case of someone reporting security weaknesses to some company and getting
> sued for it.)
The trouble is, if you say "hey, your security is really weak, you
should fix it", people tend to not believe you. And if you walk up and
say "hey, your security is really weak, I just hacked all your systems",
they go "OMG, you're a hacker! DIE!!!"
There seems to be no way to win.
Of course, from the other side, *anybody* can walk up and claim that a
system is insecure. That doesn't necessarily mean they know what the
hell they're talking about. And if somebody breaks into your system, you
can either enjoy the bad publicity of having "poor security", or you can
sue the person, which makes them look like the bad guy, not you.
It's easier and cheaper to scapegoat somebody else than fix the problem...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|