This title might not be very clear, let me elaborate:

Let's say you're a computer scientist on your browser. You innocently browse the web, looking for a new book about procrastination (or anything else). Suddenly, a click leads you to the homepage of EvilCorpWorld, a (fictional) company incarnating the opposite of your ethical views.

EvilCorpWorld isn't a "common evildoer", they blatantly make the world a worse place. According to your ethical views, they could be enslaving children, selling weapons to warlords, practicing tax fraud at country scale, they support networks promoting racism and sexism...

On the homepage of EvilCorpWorld, you inadvertently notice a big security flaw. Something like "click here for rootshell (Admin only!)". For the sake of simplicity, let's say it's an actual flaw, not a honeypot or anything else.

Now you have three possibilities:

  • to tell: email EvilCorpWorld to warn them about the huge flaw.
  • to poke: like with a stick, poke the flaw, trying to see how far you can get. Poking does not mix with wrongdoing on purpose or for benefit. It's more a playful activity.
  • to delegate: unsure of what to do, asking someone more versed in infosec what they think.

What would be the most ethical-wise thing to do (maybe something other than the three options)?
