To be fair, no company should have to sift through an automated report from a static analysis tool. It’s not worth their time. In fact, the tone of the Oracle Blog that isn’t completely unproductive is, “Do the research for yourself! Give me exploits or give me death!” As a Tester, this is the core of bug advocacy, and I want to destroy the trust lazy researchers put in automated scanners, lazy managers put into automated checking, and the lack of human interaction endemic in development in general.
That being said, chiding someone for spending their own coin to find an exploit with, “But you really shouldn’t have broken the EULA. Nanny Nanny Boo Boo,” is unproductive at best and an invitation to become the target of malicious actors at worst. No one cares about your EULA. Not even the government gives it the time of day. Your tantrum just makes that many more people want to do things to piss you off.