correct, and the blackhat infrastructure is far more sophisticated to distribute liability, corporation like.
the person creating a payload is compensated without doing the unauthorized access
the person doing the unauthorized access is compensated without selling the things they found
the person selling the things they found didn’t do the unauthorized access, and is not trying to weaponize the information (lets use an example of identity theft here and below)
the person weaponizing the information is only guilty of using someone else’s credentials or making new credit cards
in comparison, white hat is undervalued when respected, a gamble for being respected enough for compensation at all, and comes with threats of prosecution anyway
the person creating a payload is compensated without doing the unauthorized access
the person doing the unauthorized access is compensated without selling the things they found
the person selling the things they found didn’t do the unauthorized access, and is not trying to weaponize the information (lets use an example of identity theft here and below)
the person weaponizing the information is only guilty of using someone else’s credentials or making new credit cards
in comparison, white hat is undervalued when respected, a gamble for being respected enough for compensation at all, and comes with threats of prosecution anyway