I agree, if you're testing someone else's *website or servers*, you should compl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Aug 22, 2019 \| parent \| context \| favorite \| on: Researcher banned on Valve's bug bounty program pu... I agree, if you're testing someone else's website or servers, you should comply with the scope and disclosure rules or not do the testing, unless the vendor has something else on their website that implicitly authorizes testing (like an email address to send reports to). But that doesn't apply to Steam; nothing they write can really impact your ability to conduct security research on your own computer.

awirth on Aug 22, 2019 [–]

Yeah, agree in this specific case about local research (baring DMCA issues). Most H1 scopes seem to be remote targets as opposed to downloadables though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact