exposed social security numbers in Missouri website
This is bad. Criminalizing those that report it is even worse. It sets a precedent that could be abused. A purpose built insecure website that exposes private data could be created like a honey pot. Anyone who visits would be subjected to lawsuits.
To make a less technical example, a hand written letter could be sent to every visitor of a website. If that letter had unclassified data on the front, maybe a thank you note, but someone wrote the SSN’s of employees on the back of that letter, would we punish the person who read the back of the letter? What if they noticed the error and discretely notified the sender first? In the Missouri case, the HTML was sent to those users in plain text from for anyone to read.
alert(“vulnerability”)