I can look to the offensive tooling I've released in the past and

1) see the irreparable and lasting harm it facilitated (I have seen it first hand)
2) see the tangible good it indirectly played a part in in improving some aspects of security in the long run.

1/5
I can't separate/absolve myself from both the harm and the benefit. Many offensive tool releases were notably more responsible than others in terms of vendor outreach and offerings of actionable detection/mitigation guidance.

2/5
IMO, there is no objective "right" way to release (or abstain from releasing) offensive tooling but if the choice is to release it, there is always a _better_ way to do it ("better" being subjective). One's ethical framework or lack thereof will dictate what's right/better.

3/5
Just don't be conveniently blind to the fact that your tooling will facilitate (note: I am deliberately not saying "cause") actual harm.

We can all hold ourselves individually more accountable. I'm game to have this chat. Let's not downplay/reduce this thread to "drama" ❤️

4/5
Now that you've read all this, rest for a moment and pay attention to your body. Do you feel any tightness anywhere? Heart-rate? I'm asking this in a genuine sense. Listen to what your body is telling you and consider reflecting on your body's reactivity prior to responding.

5/5
You can follow @mattifestation.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: