White hats can be prosecuted via the CFAA. they usually aren’t (most of us are guilty of CFAA penalties) but some companies got sour to fixing their web security and instead would sue and push to prosecute.
So in the early 2010s the white hat community went gray to survive. And companies that don’t pay their bounties oe cause trouble don’t get pen tested by white hats (at least not when wearing a white hat).
White hats can be prosecuted via the CFAA. they usually aren’t (most of us are guilty of CFAA penalties) but some companies got sour to fixing their web security and instead would sue and push to prosecute.
So in the early 2010s the white hat community went gray to survive. And companies that don’t pay their bounties oe cause trouble don’t get pen tested by white hats (at least not when wearing a white hat).
Thank you! I appreciate the insight.