• Uriel238 [all pronouns]@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      42
      ·
      9 months ago

      White hats can be prosecuted via the CFAA. they usually aren’t (most of us are guilty of CFAA penalties) but some companies got sour to fixing their web security and instead would sue and push to prosecute.

      So in the early 2010s the white hat community went gray to survive. And companies that don’t pay their bounties oe cause trouble don’t get pen tested by white hats (at least not when wearing a white hat).

      • Patches@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        5
        ·
        9 months ago

        How do you know if a company is going to pay to fix?

        Do you just have to take a chance and notify them?

        Either I make a bunch of money, or they say fuck off, or they send me to jail? It seems too iffy

        • aksdb@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          I assume the idea is, that the company then has a contract with the hacker, so they can no longer sue him. They essentially hack themselves via proxy.

    • WallEx@feddit.de
      link
      fedilink
      English
      arrow-up
      29
      ·
      edit-2
      9 months ago

      Thats what white hats would do and what these contests are usually for

      But its more like a bughunt with an open Bounty then selling afaik