Reply to post: Re: Real Life Superheroes

Surprise! Voting app maker roasted by computer boffins for poor security now begs US courts to limit flaw finding

Cuddles

Re: Real Life Superheroes

"In my book security researchers/reverse engineers are like real-life modern day Superheroes."

Which is exactly where the problems come from. Superheroes are (usually) vigilantes operating outside the law. Their actions are often overlooked because they help people with problems that can't be addressed by the authorities using normal means. But even then they still frequently have trouble with the law, and often require some forgiving authority figure to look the other way or actively cover up for them, because even though their actions may seem right they are still technically illegal. And of course, it's often difficult to draw a line between a hero who is forced into a difficult choice, a hero who regularly breaks the rules a bit more than normal, an anti-hero who doesn't care about the rules, and an outright villain.

All sounds rather like security researchers really. The good ones are usually doing work that is morally right but often legally questionable, and there is often not a clear line between those genuinely acting for good and those who happen to expose bad practices while only doing the hacking for fun, or being otherwise actively malicious. This is why people like Snowden and Assange, for example, aren't exactly universally loved - just because they exposed some bad stuff doesn't mean they're actually good themselves. And similarly the likes of the research groups listed above mostly do seem to be acting for good, but may well be breaking the law in doing so, and since opinions on what is actually good vary they're not universally loved either.

And as with superheroes, the big problem is that they're all dealing with things that the law can't actually handle. Just as superpowers aren't handled very well by the legal system, laws developed decades or centuries ago don't handle computers and the internet very well. Everyone has an opinion on when vigilantism should or shouldn't be allowed, but even agreeing on whether something does or doesn't break the law is difficult enough before you even start asking about should.

So yes, security researchers are very much like superheroes. Without them, the internet would be a much less safe place. But relying on vigilantes operating in legal grey areas is far from the best way to deal with real world issues, especially given how difficult it can be to tell the heroes and villains apart, and when they can swap roles from comic to comic.
