Hacker News

In that scenario I would MUCH rather the company be aware someone is putting that list together, notify me in advance of the research being concluded, provide updates, organize and manage the contents of that list, offer solutions, patch the fixes in new models, and generally work with the people who already purchased the house.

I would not prefer someone to do it all in secret and then at the last second decide they want to inform the company.

Once such a thing gets broadcasted, there is inherent risk created for a lot of those existing owners that did not exist. Opportunistic criminals are way more common than premeditated ones.

Also if we gain the ability to monitor everyone who is currently probing houses for security issues, then if we are able to have a whitelist of people who pre-notified with their intent then we can more reliably examine people who might be looking to abuse the system.

I guess part of my underlying assumptions here is that we are moving towards a surveillance state and there are no signs of stopping that.



> In that scenario I would MUCH rather the company ... notify me ... provide updates...

Here is the problem - the company does not give a crap. You get robbed, and it's their fault? They don't care. But they will sue the researcher, because the researcher has discovered that it's their fault you got robbed.


Some companies will absolutely give a crap.

And the ones that don't create a paper trail of not giving a crap.

The researcher is protected from being sued by being granted permission and following any regulations created for ethical security research.

We can make security notifications from companies mandatory. Now if they try to hide something, and it comes out later, there is documentation of the cover-up.



