Is it good to reveal weak systems? Like just naming names here is that effective to prevent people from being compromised more or less than they already are?

I want to know if its something I use, but i also dont want to contribute to outing weak systems without also informing the system people first to let them know.

I'm genuinely curious, i dont actually know just seems risky to me to create a hitlist of soft targets

[–] danc4498@lemmy.world 1 points 1 week ago* (last edited 1 week ago) (1 children)

I think the best practice is to inform the company of the flaw, and if they don’t fix it in an appropriate time, then call them to the world. If they have a flaw that can be used by hackers, then the hackers probably already know about it.

[–] Jarix@lemmy.world 1 points 1 week ago (1 children)

Hmm i suppose my concern then is for the situation you think unlikely: they dont know and neither do bad actors. Okay that makes sense

Now I'm curious about why would the hackers already know? Or where does your confidence come from?

[–] danc4498@lemmy.world 1 points 1 week ago

Cause hackers are smart and motivated. If a random memer found the flaw by chance, then one of the million black hat hackers that spend their time looking for these flaws had also probably found the flaw.