
Responsible disclosure isn't a requirement for white-hat status; white-hat status just means you don't do any harm. Full disclosure can also be white-hat, as can sitting on the bug.



> white-hat status just means you don't do any harm

This definition falls short. For example, the hacker who spends time searching for a vulnerability with the intent to do harm, but fails to find one. The hacker has done no harm, therefore by your definition he or she is a white hat despite the fact that they would do harm given the opportunity. For that reason, a person's motivations need to be taken into account in order to provide a proper assessment.



