Maybe you should just try being lucky. I found a critical security vulnerability while working on my scraping project. I told them, they paid me and gave me written permission to scrape.

[–] einkorn@feddit.org 24 points 2 days ago (3 children)

You are braver than I am because here in Germany usually people get sued for reporting security vulnerabilities.

[–] MonkderVierte@lemmy.zip 14 points 2 days ago

Yep, don't do that if you live in a Internet ist Neuland country.

[–] victorz@lemmy.world 7 points 2 days ago (1 children)

tf? They should offer you a job if anything.

[–] einkorn@feddit.org 9 points 2 days ago (1 children)

That is if you'd live in a place with an open attitude toward new technologies.

[–] victorz@lemmy.world 1 points 2 days ago (1 children)

But the technology is already there in place, and you get sued if you point out security flaws in it? Crazy.

[–] einkorn@feddit.org 3 points 2 days ago (1 children)

Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.

[–] victorz@lemmy.world 3 points 2 days ago (1 children)

Time for some reform. Finding security holes is very important and benefits everyone.

[–] einkorn@feddit.org 2 points 2 days ago

Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups it is not likely to happen.

[–] EldenLord@lemmy.world 3 points 2 days ago* (last edited 2 days ago)

I know a guy who did exactly that and got sued. The security failure he reported even was a Straftatbestand committed by the company and so he won the process. German companies really love shooting themselves in the foot.