57
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 27 May 2026
57 points (96.7% liked)
cybersecurity
6178 readers
113 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 3 years ago
MODERATORS
AFAIK, they historically have
They're not "helping," they're trying to get paid by finding exploits legally, rather than using them illegally. And if someone is particularly good, it can be lucrative work. It's historically been a mutually beneficial arrangement, so it's ironic if M$lop thinks they can cut out human researchers (ostensibly swapping them for AI agents) and still maintain a secure codebase.
To me, this is M$lop trying to cut costs from the wrong thing; may they get what they deserve.
ETA: and if they make it impossible to make a living at reporting exploits legally, there's really only one option left to make a living...
ETA? In my life experience that means estimated time to arrival. What do you mean in this context?
In this context, it means 'edited to add'
Edited to add
Selling exploits is more of a legal gray area depending on jurisdiction and licensing.