Ethical hacking is like open source software. If there is a large community with common goals, they’ll keep each other in check.
It’s not a threat. Black hat hackers are always there. Only ethical hackers were restricted.
I believe that it is an opportunity. You can think of a lot of things when you work in IT security, but the reality is that we lack expertise and people. Having ethical hacking is an opportunity to see what your weaknesses and breaches are. It can also ring the bell if you already know the weaknesses but can’t put high priority on them. Sometimes managers need to see there’s an incident before taking action.
Absolutely not a threat. I’ve been reporting a few vulnerabilities under this new law and I can assure you that it is much needed. You’d be surprised how many companies simply leave their door visibly open to hackers. Reporting such a thing always came with a risk before this law was introduced. A while back I’ve been sued for responsibly disclosing a serious vulnerability in a large Belgian organisation. Finally, the messenger cannot be blamed anymore.
There’s still a lot of work to do regarding transparency and the effectiveness of this new law (I doubt this will really hold a company back from prosecuting if they feel like it; there seem to be a few loopholes), but at least the public perception will change.
What a lot of people don’t seem to get is that unethical hackers do not need your permission or anything to protect them. They’re already there. If you conduct any criminal activities under this law (such as data theft etc.), you’re still going to get in trouble for it. This only provides a legal safe harbour and framework for those who want to do everything right. I can’t see how one could label that as a threat or be against that.
Genuine question here. So the blog post mentions the following.
> A natural or legal person is now authorised to investigate organisations in Belgium for potential cybersecurity vulnerabilities, even if they have not consented to such investigations.
Do system admins that detect cyber attacks on their platform ever report those attacks to authorities? And if they do report these failed attempts, do these actually ever get investigated? And if so, wouldn’t this give people an “excuse”?
OP, why would you think that this could be a possible threat?