alt Hacker NewsIf you are talking about some open source project then I would fully agree.
But when it comes to money making corporations then personally I dont agree that revealing flaws in their product comes into ethics at all.
A companies paid product is flawed, their own paid engineers didnt figure that out, why should I do it for free becasue 'ethics'?
This is the entire reason bug bounty programs exist in the first place.
You seem to have a very bright line between the acceptable behavior for “no money involved” and “money involved”.
For me, it’s more subtle than that.
Everybody (“almost all software”) has exploitable bugs. Are you a fool for not finding the ones in yours? Maybe. Sometimes.
There is a huge difference between Project Zero finding a trivial vulnerability almost identical to one reported months earlier (close to negligence) and Mullvad having the CEO personally posting a response here in a very calm tone.