I can look to the offensive tooling I& #39;ve released in the past and
1) see the irreparable and lasting harm it facilitated (I have seen it first hand)
2) see the tangible good it indirectly played a part in in improving some aspects of security in the long run.
1/5
1) see the irreparable and lasting harm it facilitated (I have seen it first hand)
2) see the tangible good it indirectly played a part in in improving some aspects of security in the long run.
1/5
I can& #39;t separate/absolve myself from both the harm and the benefit. Many offensive tool releases were notably more responsible than others in terms of vendor outreach and offerings of actionable detection/mitigation guidance.
2/5
2/5
IMO, there is no objective "right" way to release (or abstain from releasing) offensive tooling but if the choice is to release it, there is always a _better_ way to do it ("better" being subjective). One& #39;s ethical framework or lack thereof will dictate what& #39;s right/better.
3/5
3/5
Just don& #39;t be conveniently blind to the fact that your tooling will facilitate (note: I am deliberately not saying "cause") actual harm.
We can all hold ourselves individually more accountable. I& #39;m game to have this chat. Let& #39;s not downplay/reduce this thread to "drama"
https://abs.twimg.com/emoji/v2/... draggable="false" alt="❤️" title="Rotes Herz" aria-label="Emoji: Rotes Herz">
4/5
We can all hold ourselves individually more accountable. I& #39;m game to have this chat. Let& #39;s not downplay/reduce this thread to "drama"
4/5