• nomy@lemmy.zip
    22 · 2 days ago

    Random teenagers can absolutely google “download exploits” and have them available, that’s pretty much always been the case…

    https://www.exploit-db.com/

    Full disclosure was a thing once upon a time, where exploits and proofs of concept were dumped publicly, forcing companies to fix the issue or be compromised. That’s mostly been moved away from in favor of responsible disclosure, giving companies time to patch the issue before it’s known publicly.

    Maybe we should be moving back to full disclosure to force these companies to take data security seriously. Or at least then we could point to a known vulnerability as proof the company is shitty and is neglecting their infrastructure.

    • lad@programming.dev
      2 · 1 day ago

      Sometimes I read stories of how reading web page source code is presented as hacking in order to avoid actually doing anything for security, and of white hats sued for doing their job, and I think that there are plenty of targets even for someone without exploits or LLMs.