> Do not publicly disclose information about the vulnerability and vulnerable systems without the CCB’s consent
This one would be a sticking point for me, personally. When disclosing vulns, I am extremely reluctant to relinquish control over who I tell and when. I wonder if participation in this mechanism could increase one's overall liability.
You presumably retain the ability to control disclosure about vulnerability research you conduct against authorized targets; the most common class of authorized targets is "software you run yourself, in settings where vulnerabilities don't involve talking to other people's computers/servers".
Where people get into trouble is when they authorize themselves to conduct research against other people's computers. If you want firm control over the disclosure of your vulnerabilities, find other people's computers that authorize testing, or test your own computers.
Basically yes. "any systems, networks, or applications located in Belgium".
Of course you might still be prosecuted outside Belgium, e.g. if you pentest an Oracle setup in Belgium, and Oracle takes issue and files charges against you in the US. But that is less likely to happen or succeed.
It would be a nice guesture. I'm not sure how he would get there safely though. Planes have a nasty habbit of being forced to land somewhere on route in these situations.
As long as he can get into the Schengen region, he can get to Belgium in a van without any paper trail.
I'm not advocating illegally entering any eastern EU countries, nor suggesting that it is easy, but from a physics standpoint it doesn't occur to me as exceptionally impractical for a determined and resourceful actor with international support, considering the mountainous terrain of Hungary, Estonia, Latvia, etc.
It's only high for regular income. Belgium does not have a capital gains tax. If you start a company, it does well, and you sell it, you pay zero taxes.
Similarly, when you receive stock options after joining a company, you get taxed immediately, but you don't pay taxes when you exercise them. That's really backwards when you join an established company (because you'll pay taxes on something that might actually be worth nothing), but it's fantastic when you receive stock options in an early stage startup, with options that are worth pennies.
This has a very high risk of your associate your business with your private life in case of bankruptcy ( to pay less taxes).
Additionally, i know an owner that put his wife as boss instead of him for tax reasons. So tax optimalisation is very very complex here, another disadvantage.
27 comments
[ 671 ms ] story [ 1333 ms ] threadThis one would be a sticking point for me, personally. When disclosing vulns, I am extremely reluctant to relinquish control over who I tell and when. I wonder if participation in this mechanism could increase one's overall liability.
I'd think notifying them as soon as possible and asking them for permission for publicly disclosing would let them protect you more efficiently.
Where people get into trouble is when they authorize themselves to conduct research against other people's computers. If you want firm control over the disclosure of your vulnerabilities, find other people's computers that authorize testing, or test your own computers.
Of course you might still be prosecuted outside Belgium, e.g. if you pentest an Oracle setup in Belgium, and Oracle takes issue and files charges against you in the US. But that is less likely to happen or succeed.
I'm not advocating illegally entering any eastern EU countries, nor suggesting that it is easy, but from a physics standpoint it doesn't occur to me as exceptionally impractical for a determined and resourceful actor with international support, considering the mountainous terrain of Hungary, Estonia, Latvia, etc.
Considering taxes in Belgium are the highest in Europe and almost the highest in the world.
Similarly, when you receive stock options after joining a company, you get taxed immediately, but you don't pay taxes when you exercise them. That's really backwards when you join an established company (because you'll pay taxes on something that might actually be worth nothing), but it's fantastic when you receive stock options in an early stage startup, with options that are worth pennies.
That's almost everyone? :P
---
Ethical hackers aren't companies that will sell their company here.
I don't know any company who gives stock options here, it's not a thing.
Dividends gets taxed at 30%.
If you get a bonus from work for delivering, taxes are normally so high that the bonus looks low.
What you're saying is basically: it's great when you're rich.
I thought it was pretty obvious from my comment that the Belgian tax system is very favorable for businesses and their owners…
This has a very high risk of your associate your business with your private life in case of bankruptcy ( to pay less taxes).
Additionally, i know an owner that put his wife as boss instead of him for tax reasons. So tax optimalisation is very very complex here, another disadvantage.
So that's expensive too
You're getting a lot back if you're unemployed and actual Belgian though.
Some people aren't even working because the difference between working and not, is too low.
And if you're ill, you don't have to worry about finance too...
That's it
So what's enticing those people to go back to work if it literally costs them money?
And I don't mean to say that unemployment must go down. On the contrary, at minimum, it must be beneficial to go to work. So minimum wage must go up.
Problem is that then unemployment will go up too, as that is tied to minimum wage.
For the rest, i agree.