Comments on: QotW #22: What are legal/ethical concerns to bear in mind, when hacking websites with open invitations?
http://security.blogoverflow.com/2012/04/qotw-22-what-are-legalethical-concerns-to-bear-in-mind-when-hacking-websites-with-open-invitations/
The Security Stack Exchange Blog
Sat, 06 Feb 2016 05:11:22 +0000

By: roryalsop
http://security.blogoverflow.com/2012/04/qotw-22-what-are-legalethical-concerns-to-bear-in-mind-when-hacking-websites-with-open-invitations/#comment-973
Mon, 09 Apr 2012 13:57:02 +0000

I think you are right Yoav – they do encourage research, but I think the message was one of assessing the risks and planning accordingly. In many cases the risks will be minimal or non-existent but it pays to carry out sanity checks prior to this sort of thing.

By: Yoav Aner
http://security.blogoverflow.com/2012/04/qotw-22-what-are-legalethical-concerns-to-bear-in-mind-when-hacking-websites-with-open-invitations/#comment-969
Sat, 07 Apr 2012 14:24:28 +0000

Proud to have made it to the ‘question of the week’! Thanks for a great summary. It’s nice to see how questions spin others (mine was by itself triggered by another great question, so perhaps this one deserves the question of the week…)

Personally, however, I was a little discouraged by the “bottom line” message of the answers. I believe there is benefit in having an open approach, encouraging security research and experimentation, and of course full disclosure of vulnerabilities. Somehow if I’m reading through all those risks people mentioned, the underlying message is that both researchers and websites should perhaps avoid using such an open collaborative approach, and I think it’s a real shame if this will always be the case.
