>>The person who did the disclosure is alternatively viewed as a hero or a villain, but the thing is people are talking about the issue.
This is what I have concerns with. It's this "ends justify the means" argument that disregards some important consequences.
There are many ways to breach these topics. You can go to the FAA. You can go to the individual companies. You can post on mailing lists. Ultimately, it may be a grind. But going the press route with inflammatory statements has consequences that exceed your own experiences with law enforcement. The legislators want to regulate infosec. It won't be pretty when they do.
We need people to understand that a successful disclosure doesn't require headlines in arstechnica. You have to be empathetic to interactions with large organizations. Flashy press may get attention to your issue, but it can also have disastrous consequences for the rest of the community. Is it worth it?
This is what I have concerns with. It's this "ends justify the means" argument that disregards some important consequences.
There are many ways to breach these topics. You can go to the FAA. You can go to the individual companies. You can post on mailing lists. Ultimately, it may be a grind. But going the press route with inflammatory statements has consequences that exceed your own experiences with law enforcement. The legislators want to regulate infosec. It won't be pretty when they do.
We need people to understand that a successful disclosure doesn't require headlines in arstechnica. You have to be empathetic to interactions with large organizations. Flashy press may get attention to your issue, but it can also have disastrous consequences for the rest of the community. Is it worth it?