Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.
Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups it is not likely to happen.
Interestingly, I didn’t have to circumvent any security measures to uncover the vulnerability. They had a page that was leaking api keys - all you had to do was watch the network requests. That’s why I chalk it up to luck and not my prowess in cyber security.
But the technology is already there in place, and you get sued if you point out security flaws in it? Crazy.
Yes, because any circumvention of any form of security, be it as useless as a hardcoded default password, is considered a crime in German law. So even the discovery of a security flaw puts you with one foot in jail, because technically you did something you are not supposed to.
Time for some reform. Finding security holes is very important and benefits everyone.
Not like there have been no initiatives. But given that our biggest party also sued after someone pointed out their technical fuck-ups it is not likely to happen.
Interestingly, I didn’t have to circumvent any security measures to uncover the vulnerability. They had a page that was leaking api keys - all you had to do was watch the network requests. That’s why I chalk it up to luck and not my prowess in cyber security.