undefined | Better HN

0 pointsadolph2y ago0 comments

The ostensible researchers didn’t follow the ethos to which they claimed and linked. Do you disagree with that?

0 comments

Yes i disagree. You are quoting the document out of context and it doesn't say what you are implying it says.

Maybe out of context is the wrong word. You quote enough of the paragraph it just doesn't support your point.

All the paragraph says is that one hypothetical situation may have legal consequences in some juridsictions. It does not make any claim as to whether or not that is ethical or right.

adolphOP2y ago

Ok, do you agree that they claimed the OWASP document supported their actions?

Concerned about user privacy and security — and consistent with industry best practices [link to owasp] — we wrote a detailed email to the Fizz team [0]

Do you disagree that the OWASP page states the below?

Researchers should:

Ensure that any testing is legal and authorised.[1]

Ok, I can see how the OWASP document doesn’t use the words ethic or right or wrong. Would you agree that the claim by saligrama.io that they were “consistent with best practices” (where best practices is a link to OWASP) is not true?

I can see an interpretation where they communicated in line with best practices even if they didn’t follow best practices in their actions before communicating.

0. https://saligrama.io/blog/post/firebase-insecure-by-default/

1. https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability...

j / k navigate · click thread line to collapse