Re: Security research.
the security researchers that are pursued are believed to be enabling black-hat hackers by using speech (widely considered a right in the world) to reveal bugs they find in software they have (access to) copies of. these security researchers are not generally exploiting the bugs they find. they do this research within their own facilities. gray-hat hackers (i used to do this many decades ago) do exploits and other break-ins without causing damage or stealing copies of files and data. they often provide information (usually anonymously) to the victim about their exposure.
security researchers have, in the past, simply announced that certain software had exploitable bugs, but found that these bugs were not being fixed. one reason could legitimately be that the developer could not find the bug. in many cases, the business just denied the bug and made no effort to find it. there really have been people who would (usually anonymously) make false announcements of bugs, hoping to either harm the developer, or cause a dip in stock price they could exploit through short sales in the stock market (or buy-in at the lower price).
security researchers were often asked to prove that these bugs really do exist. even when they did that only through private communication to the developer, it was found that bugs were still not being fixed.
the public also asked for such proof. so, security researchers said in advance the proof would be made public in the future, after a reasonable time to fix their bug. but the end result was many court orders to block revealing this proof. police pursuit started when these orders were typically violated. it became quite clear that business people (as opposed to individual developers) did not want to make the effort to fix bugs they now knew of.
today, it is now typical for the proof to accompany the announcement or be released at the same time. companies still try to engage police and legal processes to pursue these cases more out of "brand harm" than the worry of zero-day exploitation by others (black-hats that are still referred to as hackers by the public).
many security researchers operate anonymously. a few others have developed enough reputation that they can be trusted to be truthful in an announcement not accompanied by proof.
Mask wearer, Social distancer, System Administrator, Programmer, Linux advocate, Command Line user, Ham radio operator (KA9WGN/8, tech), Photographer (hobby), occasional tweetXer