Engineer reports data leak to nonprofit, hears from the police (bleepingcomputer.com)
61 points by brainwipe on March 25, 2021 | hide | past | favorite | 14 comments


So, the Apperta Foundation is trying to centralize healthcare databases from multiple organizations in the cloud. They claim they can be much cheaper than their competition, and (from the article) clearly don’t care about / intend to secure their infrastructure.

What could go wrong?

https://apperta.org/openOutcomes/


I think you've pretty much hit the nail squarely on the head.


If a neighbour comes by to let me know that I left the garage open, I close the door and thank them profusely.

Why does someone at this organization think that filing a police report is the appropriate action? It fairly well guarantees that no one else will let them know the door is open in the future, and it highlights to adversaries that there is a good chance this is an easy company to find a weakness in.

As an aside, I see this as a side effect of increasing layers of abstraction between law/society and technology. A tech manager goes to legal to let them know that a former employee has just let them know that there was a security breach. Without understanding git, GitHub, responsible disclosure or programming, all the lawyer hears is that a former employee has written to tell us that he has found copies of sensitive information and has encrypted them on his hard drive.

If you are the legal representative for a technology company, at what point do you have a responsibility to understand the technology?


> Why does someone at this organization think that filing a police report is the appropriate action

Ass-covering. You can spin your own incompetence into a hack instead and legal action increases your credibility in front of your (equally stupid) peers.


When this sort of thing happens, the customers of a company need to sue it for whatever you sue a bad engineering firm for, plus what you sue a crooked accountant for.

I mean, they were told about a flaw and didn't pass that notice to the product team but sued the reporter of the problem. That's proof that they understood the flaw. Nobody sues over a mistaken bug report, or if they don't understand the impact.

The entire legal team should be disbarred for knowingly conspiring to hide evidence of customer impacting flaws. Every lawyer of theirs who saw the proceeding should never lawyer again in the free world.

And then you should go after the management and board who are always equally guilty in these cases. Directly after the people - all the joys of modern cancellation, with charges of dereliction of duty, fraud, conspiracy, etc. Leave them with a smear even if the case doesn't proceed, like their malicious lawsuit could have ruined the bug reporter.

Get them to say stupid things to cover "CEO: I had no idea" and use those against them. "CEO incapable of managing company, in his own words". Guilty or incompetent. Pick one. There's no way to accidentally sue someone so this whole episode is malicious.

Nobody in management or above from this company should ever have a paying job again without someone swooping in to garnish their wages.


On the other hand, I can see why the legal team was a little shaken by the fact that he kept a copy of the database.

It's a little like saying you left the garage door open, but I also took a full inventory of your stuff, and unlocked a window. I'll tell you about it once you close the door.

If you aren't familiar with infosec standard practice it seems a little odd... All the more reason for technology lawyers to have an understanding of technology.


> I can see why the legal team was a little shaken

Sure. But then they went on the attack against someone who was obviously not guilty and that's where they became a criminal conspiracy covering for their company's failures.

> If you aren't familiar with info sec standard practice it seems a little odd

People don't have to be familiar with something before they calm down and think. If they freak out it's because they chose to as part of a demonstration they think will win them points.

Have you ever seen a child look around for a parent before crying? Similarly, if there wasn't a community or a court to play their redirection game at, they'd have just buckled down and gotten to work.


UK Computer Misuse Act is woefully out of date. I do wish the engineer all the best.


I wonder if the best course of action in this situation would be to simply report the company directly to the ICO as GDPR violators and not bother to contact them at all.


The police will report too as part of their procedures.


> The police will report too as part of their procedures

The British police don't understand any of this, and they will simply arrest whoever's easiest. You are better off going around them.


I think so too.

Let the bureaucrats handle it.


Is the UK still subject to GDPR?


Yes, it was grandfathered in.

