‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, May 14, 2019 5:30 PM, John Young <[email protected]> wrote:
> What's the security benefit of Red Balloon's > attacks? Is this not a type of extortion or maybe > angling for bragging rights, a bribe to keep > quiet or a buy-out from deep-pocketed targets. > Hard to distinguish white hats from black and > gray (also Red Hat), sanctimony from villainy. welcome to the responsible bug disclosure debate, John! this is why many choose no-disclosure, or full-disclosure instead... to wipe blood from hands: build security in, and open source. every hole opened and atoned for with code.
