A simple observation:

"White Hat Hacker" is NOT synonymous with "Ethical Hacker"

You can legally protect an unethical corporation and, in doing so, you are an accomplice to their unethical actions.

You can ethically hack to protect people and still be conducting illegal activities.

Do not conflate the two terms.

#hacking #infosec

@tinker Very much this. Also, if you regard the ethical goal as protecting users from harm from the exploitation of a vulnerability, SOMETIMES the best thing to do is to quietly warn the vendor, while other times the best thing to do is warn everyone. It depends on very particular circumstances.

It's easier if your definition of "ethical" is simply "protect vendors from reputational harm". But that's not a very useful ethical system.

@mattblaze - Indeed.