Hacker News new | past | comments | ask | show | jobs | submit login

You are on the mercy of the guy who found the vulnerability, if you like it or not. This person can have any personality and most of them don't care about your costs. They did your work and invested a lot of time. Most of then don't want money, they want appreciation for what they did. You can give it to them, or they take it and they have the perfect tool for that.



Entirely true. And that person is at the mercy of their governing law and the company's ability to pursue and press charges should they decide to take matters into their own hands, regardless of intent (unless their governing law takes intent into account).


Has he been arrested yet? If not, I wonder why not. Github should press charges.


There's a big difference between acknowledging that a crime can be committed, and condoning that crime when it happens.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: