Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This moral judgement is mistaken because its premise is false. The moral blame lies on the company that allowed the problem to happen, not the person calling attention to it. It's not at all the same as "if I leave my door unlocked..." type scenarios. It's perfectly legal to register .io's nameservers.


That's a cop out. If your actions reasonably cause harm to other people, regardless if those actions are "calling attention to" or actually pulling the trigger, that's a moral evil.

If someone goes around the town telling everyone that you leave your door unlocked, while they can't be legally held responsible, they're still morally responsible if someone goes in and steals your stuff armed with that knowledge.

Companies fixing their stuff before that happens is in everyone's best interests at the end of the day - hence responsible disclosure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: