Comment by 12_throw_away

2 years ago

"Responsible disclosure" is poorly defined corporate wishcasting, and certainly not any sort of best practice or legal shield.

The public prosecutor does not pursue cases where responsible, aka coordinated, vulnerability disclosure was applied. I'd say that's a legal shield of some kind at least, and it is generally also considered best practice in the industry. There are exceptions to everything but, in the general case, I'm not sure where you're getting these viewpoints from.