I don’t get these arguments. These tools aren’t weapons, and limiting legal access to pentesting tools will decrease corporations’ and individuals’ ability to be proactive about security.
These devices can be manufactured relatively easily and making them illegal will essentially mean the only people doing security tests are criminals. Large tech companies, correctly, run bug bounties where independent security researchers can make income by reporting reproducible and exploitable bugs. The concept here is called offensive security and it’s extremely important for building better and more secure platforms. This situation will never be improved by limiting legal access to useful testing tools.
The responsibility should be on automakers and other companies that have massively insecure products, not on open source developers who are making products for security researchers.