re: Are there any consequences for exposing your users to vulnerabilities? VIEW POST


Tavis Ormandy from the Google Zero team used to do this thing where he would report a terrible 0 day vulnerability. Once it had become public, typically the share price would drop, and at that point he would buy some. Once the shares got back up to the pre-zero day price, he’d sell again and make a profit.

He was doing it to make the same point really-he was frustrated that it would only be a few weeks for the stock price to get back to normal.

ICO can now fine companies up to 4% of their turnover for GDPR breaches. I think BA being fined Β£183million is the first example of a meaningful fine.

Code of Conduct Report abuse