14 May
2019
14 May
'19
8:02 p.m.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, May 14, 2019 5:30 PM, John Young <jya@pipeline.com> wrote:
What's the security benefit of Red Balloon's attacks? Is this not a type of extortion or maybe angling for bragging rights, a bribe to keep quiet or a buy-out from deep-pocketed targets. Hard to distinguish white hats from black and gray (also Red Hat), sanctimony from villainy.
welcome to the responsible bug disclosure debate, John! this is why many choose no-disclosure, or full-disclosure instead... to wipe blood from hands: build security in, and open source. every hole opened and atoned for with code.