
Usually when these things are investigated it turns out the targeted company had obvious security vulnerabilities and was too obtuse to correct them. Consider a bank keeping their cash in an open box in the middle of the street. It's wrong to raid the box, but it's also irresponsible of them not to have good security in place.



Yes, and WhiteHats would raise those security concerns with the company, privately, and work with them to get it solved. If the company didn't work to fix them, that's when you raise it publicly.


Not with something high-profile like banks - they should be having their security checked all the time, why should someone pentest them for free?

And if clients don't know how secure their bank is, they don't really have a choice other than guessing.



