Hypothetically. Like what if sharing could crash the entire industry and impact the global economy?
Publicize it and use my fifteen minutes of fame to snag a tech security gig.
In the book “The Gods Themselves” they presented such a situation and gave the dire answer: no one would listen to you if it meant giving up the good thing.
I share how much AI sucks all the time but no one cares. 🤷‍♂️
Post about it on Lemmy so that ~7 people will read it.
Looks more like roughly 40 people care which seems pretty accurate in general.
As kolanaki already said, but as a general rule: if it’s simple, probably everybody already knows it.
But if you are sure you discovered something nobody else knows, you can always bet against some companies and tell it to everybody. If you didn’t need internal access to discover it, it’s legal almost everywhere.
If the Global Economy can be destroyed by something a random person can discover in a garage, it’s up to the Global Economy to deal with it.
Nothing. Nobody you could reach and tell would fairly pay you what that info is worth. If it’s a trillion dollar tech, imagine the series of design, approval, oversight people you’re doing free work for.
Like, imagine it’s Lockheed Martin, and you’re giving a free tip that saves the executive board’s neck. Laughable idea.
Except maybe it’s a medical thing and the “medicine” would a) not work and b) harm people. Then maybe.
Also, if this is about AI, that it doesn’t work the way they think is an open secret. Just the other day they found a method to inject if you just write your prompt in rhyme…
Doesn’t matter, nobody will believe you.
Short whichever stock would be most impacted, set my earnings to convert to yuan, and then spread the news as hard as I can.
Nvidia is the stock.
Good luck with the timing. The market can stay irrational longer than you can stay solvent.
Made 200k in six weeks back pre-split using 2x leverage. Any other play is diminishing returns/opportunity cost. Dumbest thing I ever did.
Unless I’m leveraging 3x+ like an absolute deep fried Twinkie, I’m pretty sure I’m coming out at least neutral.
The solution is you go all in because you will always win. Please note this is not actual investing advice so please don’t take this advice.
You should have started with your second sentence. I’m already destitute.
Well, if you’re looking for more advice, hit up Sheri’s Ranch in Nevada. Plenty of money to be made. Then start an OnlyFans account to draw in more business.
Yes, I’m going to hell.
I’d tell some trusted friends too. Quietly. In person.
The Coordinated Vulnerability Disclosure (CVD) process:
- Discovery: The researcher finds the problem.
- Private Notification: The researcher contacts the vendor/owner directly and privately. No public information is released yet.
- The Embargo Period: The researcher and vendor agree on a timeframe for the fix (industry standard is often 90 days, popularized by Google Project Zero).
- Remediation: The vendor develops and deploys a patch.
- Public Disclosure: Once the patch is live (or the deadline expires), the researcher publishes their findings, often assigned a CVE (Common Vulnerabilities and Exposures) ID.
- Proof of Concept (PoC): Technical details or code showing exactly how to exploit the flaw may be released to help defenders understand the risk, usually after users have had time to patch.
You say the flaw is “fundamental”, suggesting you don’t think it can be patched? I guess I’d inform my investment manager during the “private notification” phase as well, then. It’s possible you’re wrong about its patchability, of course, so I’d recommend carrying on with CVD regardless.
What if you’ve got no credentials, but the flaw is so serious that it will not matter if known?
This is a true hypothetical curiosity. I do not know anything of value. A bunch of people here like to call me crazy, and I’ve rambled on and on many times in ways that likely confirm their notions. A person like this is not likely to fare very well when operating well outside their social caste unless they already have handholds on the rungs of the ladder above. Still, there are some rather surprising areas of technology without adequate fundamental research. Perhaps it is hypothetically better to have John Connor in the world of Cyberdyne. If someone had killed Apache early, the Internet would not be the same heaven of democracy, though that is not a very good intuitive scope of analogy. Just something to ponder if one were to be in such a situation.
It comes down to whether you can demonstrate this flaw. If you have a way to show it actually working then credentials shouldn’t matter.
If your attempts at disclosure are being ignored then check:
- Am I presenting this in a way that makes me seem like a deranged crazy person?
- Am I a deranged crazy person?
Try to resolve those. If the company you’re trying to contact is still sending your emails to the spam bin, maybe try contacting other people who have done disclosure on issues like this before. If you can convince them then they can use their own credibility to advance the issue.
If that doesn’t work then I guess check the “deranged crazy person” things one more time and move on to disclosing it publicly yourself.
Sometimes the whole world does seem crazy. So I’m not liking my odds. Thanks for the rational advice.
If miscounting the number of Rs in strawberry didn’t crash the economy then nothing will.
Responsible disclosure.
Oh please share, so we can take advantage of the crash too.






