@Tobias_Arms@Su25T_Frogfoot@xwanyex Sadly the chicken processing plant raids show the incentive is for companies to hire people in the US illegally. They get to under-pay and mistreat workers, and any time unions are brought up ICE gets a tip.
I would not be surprised to find they made money even after the fines!
@Tobias_Arms@xwanyex Unfortunately, this is actually the apocryphal tale for "Perverse Incentive." Basically, it encourages people to breed the invasive species so they can make more money than just catching them.
https://t.co/h86vOWwquT
@Lina_Hoshino It's so sad you have to deal with this. I know the US legal system is pay to play, and assume Japan is similar. Know there are people who support you!!!
The idea that any one person working in the same space is an "existential threat" is the largest self report I've ever seen.
@Ferbin08@vxunderground You're thinking of hospitals. American Pharma cares about money, not patients. We know this because they raise prices of life saving medicine a few years before it goes off patent.
@UK_Daniel_Card Adding to this, penetration tests done for compliance are useless for finding these. The test criteria removes everything listed, and is usually "can you black-box hack this website?"
@Lina_Hoshino@yokai1235 This gets very complicated, since it deals with:
* EULA Legality (Even US treats it different from signed contracts)
* Legality of someone agreeing to something they can't read. (Japanese Only)
* Venue outside the country a person lives in.
@alkimiadev@Pirat_Nation This is where 3rd party bug bounty platforms that charge a fee can be relevant. Only if didn't just rely on MS but made their own evaluation and make payouts themselves then charge MS.
It bypasses the trust issue.
@alkimiadev@Pirat_Nation The timeline is a separate issue.
They incentivize people with bug bounties, but are known for not paying. Sometimes they string the researcher along, but sometimes they just say "Not a vuln," and silently patch it.
@Joeg1484@Pirat_Nation The largest issue Open Source has had with AI are false reports.
If you want a nightmare story, look at Curl. It's like a DDOS on the reporting system.
@aiseomastery@chrisfrazier0@sluongng As a DevOps guy this is far from uncommon.
"Separation of privileges" at big companies can mean getting server access is a pain. Yet, the CI/CD pipeline for some common applications involves running developer provided files as admin.
@vxunderground Your recent post about Python had me thinking.
Are you aware of any JavaScript based malware? Not just a browser compromise, but something that leverages all the Electron apps out there as the actual runtime.