• CompassRed@discuss.tchncs.de
    39 upvotes · 3 days ago

    Maybe you should just try being lucky. I found a critical security vulnerability while working on my scraping project. I told them, they paid me and gave me written permission to scrape.

    • einkorn@feddit.org
      25 upvotes · 2 days ago

      You are braver than I am because here in Germany usually people get sued for reporting security vulnerabilities.

      • EldenLord@lemmy.world
        3 upvotes · edited 2 days ago

        I know a guy who did exactly that and got sued. The security failure he reported was even a Straftatbestand committed by the company, and so he won the process. German companies really love shooting themselves in the foot.

        • bless@lemmy.ml
          2 upvotes · edited 1 day ago

          Over here, not just sued, but sued for extortion because they had the audacity to ask for a bug bounty. OK then, if I ever find a security hole that exposes sensitive data, filing a GDPR report it is.

          • Victor@lemmy.world
            1 upvote · 2 days ago

            But the technology is already there in place, and you get sued if you point out security flaws in it? Crazy.

            • einkorn@feddit.org
              3 upvotes · 2 days ago

              Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.

                • einkorn@feddit.org
                  2 upvotes · 2 days ago

                  Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups it is not likely to happen.