This kind of law is what holds the internet back. Why should I risk bankruptcy, litigation and imprisonment over some intern forgetting to sanitize HTML? Like that never happened before on the internet.
I'm a kind person, but my #1 obligation is to my family, not random internet website users.
Internet can not ever be risk free. You post data online, you can expect a low probability of it getting lost / stolen. You're fine with that, because most data is actually not that private, and because you somehow benefit from posting it online.
Security vulnerability reporting must be risk free, because it's possible for it to be. You just need a proper law.
I'm a kind person, but my #1 obligation is to my family, not random internet website users.
Internet can not ever be risk free. You post data online, you can expect a low probability of it getting lost / stolen. You're fine with that, because most data is actually not that private, and because you somehow benefit from posting it online.
Security vulnerability reporting must be risk free, because it's possible for it to be. You just need a proper law.