Is it still "white hat" if money or a transaction is involved? My understanding ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		accrual on May 24, 2023 \| parent \| context \| favorite \| on: PyPI Was Subpoenaed Is it still "white hat" if money or a transaction is involved? My understanding is it's either black hat, the exploit is sold for money. Red team, you paid to be exploited for your own benefit. Or white hat, an exploit was found and it's communicated to limit black hat and red team. White hat + money would just be gray hat or blackmail.

rocqua on May 24, 2023 [–]

White hats can still get bug-bounties. Though if a company hasn't published such a bounty and a hat 'extorts' the bounty by demanding payment or else they will publish, that hat has a tint of grey.

Aeolun on May 25, 2023 | [–]

That's not a tint of gray, that's just plain black.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact