True security ppl never sell; instead they use them
It is my understanding that if you are deeply involved in security, you should never sell the bugs / software for a bounty; instead you should use them, and only when necessary to do so.
>81 per cent received no money for their services
Why would someone work for free? Even working for your own country, you need to get paid - I believe that's called capitalism. If you do something others cannot easily do, you need to be well paid.
>and 94 per cent went to prison
I strongly doubt these numbers.
Gov agencies are running low on their stockpile of cyber, due to recent leaks.
There are a handful of companies and men out there who know how to develop them.
They should talk to their local military ally branch and sign a contract, funding them, in the short term.
>requiring certain level of physical training
I believe that because, if they want to work with you, they will certainly pass the physicals; it's a matter of training.
>potentially dangerous missions
Maybe because they enjoy it.
>Or even worse you could do it at Civil Service rates
There is a way around this: hire their consulting services while they are civilians, and welcome them in the next trial.
Hopefully they will be put to good use, with better tools, to achieve the very same objective - stop criminals and terrorists.
The tools and the operators surely need a warrant and a reward; after all, it is a gray area, and the organizations using the tools may decide to use them for purposes other than pursuing criminals and terrorists, in which case, if you helped with such tools, you cannot be deemed responsible for the bad use of them.
And travel abroad only with diplomatic passports.
>“This case is another example of a double standard toward prosecuting cybercriminals in post-Soviet countries”...
We need to be careful pointing fingers. Double standards are everywhere. Hackforums+Omniscient+LEA (you know which one) have also been long-time partners, including in sting ops.
As long as companies and gov entities still insist on not conducting real-world pen-testing, security will never improve.
If you choose to take a pentest with restrictions, just so world+dog can "see" how good your security is, this will keep happening.
Real-world attackers (and gov agencies) use bribery, women, booze. It is up to the banks (and gov entities) to conduct real-world pentests and avoid this happening again and again.
It's a never-ending game. A dangerous game.
>One might think that it would be nice if they had a way to revoke a license
They can revoke the license by denying future updates, disclose a watermark in that specific build of the software, or send the IP address + email of the buyer to the authorities. But surely this move will hurt their business model.
Biting the hand that feeds IT © 1998–2019