alt Hacker NewsI wouldn't trust anything like that in Germany, where everything is rules-based. Hacking is illegal, so if the police find out you hacked and can prove it, they will arrest you and you will be convicted, period. In Germany there's no common sense applied to the rules. Arguing that you hacked and then reported it responsibly won't reduce your criminal penalty for hacking.
Replies
ahartmetz • today at 12:15 PM
Apart from a certain general incompetence in IT related topics, common sense is a rather important part of German legal interpretation. Intention, proportionality and such.
There are some infamous counter-examples, but you can find these in any country and it's these that make the news.
> I wouldn't trust anything like that in Germany [...] Hacking is illegal, so if the police find out you hacked and can prove it, they will arrest you and you will be convicted, period.
This is rather hilarious to read as a reply to someone whose day job is literally hacking in Germany. We document it for tax reasons and sometimes are even allowed to publish it, too! Besides paying clients, we also "hack" (read: help secure) projects and blog about the vulnerabilities we've found and what the disclosure timeline was
Clearly this doesn't work as a blanket statement and coordinated vulnerability disclosure is a thing here. I can agree there are caveats but the statements as made aren't accurate
As for dealing with the government, so far as I'm aware, none of us have had bad experiences with the German IT security agency (BSI) whenever a vendor was being uncooperative (healthcare vendors tend to be very, let's say, German about whose responsibility it is when their device sends genital pictures over a network with no encryption or authentication option available in the software)