Hacker News new | past | comments | ask | show | jobs | submit login

Perhaps rather than legalizing hacking, we should inject a common middleman into the vulnerability reporting process. In the US, it could be the Consumer Product Safety Commission. It would ensure that those accepting reports are knowledgeable and treat the report as important and also protect companies from having to deal with random white hats. Serious enough vulnerabilities could result in fines that are partially paid to the reporter as a bounty. It would also protect white hats from threats or retribution since they could remain anonymous if they choose.

We already have a process in place to deal with flaws in products produced by unlicensed entrepreneurs. We just need to extend it to apply to software products and services.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact