>Selling exploits to the black market does strike me as unethical, though.
If I gave them away and they get exploited is it unethical? If I gave them away publicly vs privately does it make a difference? If I responsibly reported to the manufacturer a month previously?
I guess intent matters, and I'm ok with that being the line. In the end though I feel the rewards for fast production far outweigh the consequences of security bugs. My firefox updated last night and added pocket and I was reminded that I couldn't even remove the useless bloody thing.
> If I responsibly reported to the manufacturer a month previously?
I'm not an expert on responsible disclosure, and I think reasonable people can disagree on the best course of action. I think selling exploits on the black market is always unethical.
> I couldn't even remove the useless bloody thing.
If I gave them away and they get exploited is it unethical? If I gave them away publicly vs privately does it make a difference? If I responsibly reported to the manufacturer a month previously?
I guess intent matters, and I'm ok with that being the line. In the end though I feel the rewards for fast production far outweigh the consequences of security bugs. My firefox updated last night and added pocket and I was reminded that I couldn't even remove the useless bloody thing.