
Other Found a major flaw in a retailer website - What shall i do.

Discussion in 'General' started by AndyDEL, 26 Apr 2009.

  1. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    By washing your car and giving you a £400 bill i'm doing nothing but forcing a service upon you, which you could do yourself and holds no cost value / saving to you personally. It's an entirely different situation.

    A better comparison would be, i've found a flaw in your car. Could cost you thousands in repairs if not identified quickly. Could fix it for you if you like for £50. If we agree the terms in writing, i'll let you know what the flaw is and resolve it asap. Obviously this agreement would have to meet certain conditions stated in writing, such that i'd have to prove that it would indeed result in thousands of pounds of repairs if left unrepaired. Fact is, you wish you could identify and fix the problem yourself, unfortunately you're either unable to or don't hold the knowledge to do so.. So a person who does, can.. Which is generally why people go to University, so they can become educated enough to warrant someone else paying them for the knowledge they possess. The world isn't built on charity after all, especially when it comes to big corporations.

    Because that's how these sort of situations work.

    - I inform them of an issue, which will result in tens of thousands pounds worth of lost revenue.
    - We then come to an agreement in writing that they will pay 'X' if i can prove the validity of my statements
    - I then prove it
    - They then pay
    - I then help them resolve the problem.
     
    Last edited: 26 Apr 2009
  2. Cookie Monster

    Cookie Monster Multimodder

    Joined:
    27 Aug 2003
    Posts:
    4,518
    Likes Received:
    661
    i say forget about it. You have already scored by getting your item with a discount, so why not let other people get the same discount. It's the company's fault their site doesn't work correctly.
     
  3. julianmartin

    julianmartin resident cyborg.

    Joined:
    25 Jul 2004
    Posts:
    3,562
    Likes Received:
    126
    Nah I do understand what you said, I realise there are companies that go out specifically to find flaws under no instruction but from themselves, and then go to said company with a bill.

    It just seems a bit contorted to me....that's all. GL with whatever you get out of it - rather you than me tbh.
     
  4. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    See i fail to understand why you feel it's contorted when my wish is to do exactly the same as them. Just because i don't operate a company whose purpose is to do this, means nothing. It's still the same service, offered in the same manner.

    If you somehow disagree with the practice that both the companies that do it and what i wish to do is immoral that's fine (Your opinion after all).. But it's neither extortion nor illegal, so don't suggest otherwise.
     
  5. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    The issue itself would be very hard to identify even if they found out who the company was, i wasn't even sure i'd done it until i'd received the credit agreement.
     
  6. julianmartin

    julianmartin resident cyborg.

    Joined:
    25 Jul 2004
    Posts:
    3,562
    Likes Received:
    126
    I probably didn't make myself clear - your later point is right, I disagree with a company doing it, probably more so than you on your own doing it. Just a very very strange business practice in my opinion - if a firm that has been tested by one of these companies rejects their findings, if they then go on to sell or exploit that information after the firm saying they won't cough up, that must be within the grey lines of the law - please do enlighten me how that isn't akin to extortion?
     
  7. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    Well that's the whole point.

    Before any release of the issue a carefully drawn up agreement is created, basically stating that the company or persons must prove that an issue exists and that the scope of that issue is in line with their statements. If the company rejects their findings, then it becomes a legal matter in the sense that they broke the signed contract / agreement.

    It would be extortion if the information regarding the issue was sold on to a different party, or release of the issue publicly threatened if the company did not pay them for the issue's details. Which is not the case here, as previously stated i would never do that with proof to the fact that when dealing with Microsoft.. Despite many people asking me to do so.. Even after they provided no reward for helping them out as a kind gesture, i have yet to release the details of that issue (even though it still remains)

    I think you need to read the thread carefully, from the beginning. Understand exactly the details of the situation before making sweeping statements which hold no merit.
     
  8. julianmartin

    julianmartin resident cyborg.

    Joined:
    25 Jul 2004
    Posts:
    3,562
    Likes Received:
    126
    So it's just the word of the company that they won't sell it on after the subject firm decide they don't want to pay for the information? I'm not trying to be difficult, just trying to get my head round how companies go about this sort of business. I wasn't suggesting you were going to sell the information or whatever, I never said that once, and if you got that perception I apologise, not what I meant at all.

    As for sweeping statements and telling me to read the thread again - no need to be so vindictive - I asked a question in my previous post which you duly answered - not sure why it was necessary for you to say that - as I said before, I'm not trying to be difficult, just voicing my opinion and the justification behind yours?!
     
  9. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    I'm being vindictive?

    Forget reading the entire thread, maybe read your own posts. You're now saying that you would never suggest that i would sell the information, or leak it purposefully.

    Yet you said this on post 17, regarding what i wish to do:

    "that is pretty much blackmail, or in legal terms, extortion - they only get away with it because it's cheaper to pay said blackmailer than getting it out of them via the legal system. "

    That would imply you believe my motives were to the contrary.

    Now you're saying "Well it's just the word of said company that they won't go ahead and sell that information". I'm afraid you are being slightly difficult, trying to dig yourself out of rather insulting and inflammatory comments.

    There is nothing stopping a company selling that information on, in addition.. Nothing stopping Play.com not sending you a Playstation 3 if you pay for it. What there is, is the law. I'd imagine if a company was to contact a retailer, informing them of an issue related to their software and threatening such action as selling the information or releasing it publicly if no payment is given. Legal action could be taken, as that is extortion/bribery. Just like you could take Play.com to court if they didn't give you what you paid them for.

    The way this industry works is completely different, as i keep saying and pointing out...

    So i'll break down the process in simple steps for you, to avoid future confusion or you trying to make out i'm trying to extort or bribe a retailer (like post 17).

    Company A: Company setup to find issues with software and sell the findings to companies who have ownership of that software.

    Company B: A company with software, which company A has found a fault with.

    Company A: Approaches company B, informing them they have found a fault with their software. They have determined that it presents a potentially large risk to the company's financial situation. They point out that for every purchase on orders processed a certain way, they're losing 10%. They offer to prove this issue, but first to draw up an agreement.

    The agreement will state;

    1) Company A must prove the validity of the claims about company B's software, these claims will be written into the contract. Example "Company A must prove company B is losing 10% from sales of items processed in a certain manner"

    2) If Company A can prove the validity of their statements, then Company B agrees to pay "X" amount for help in identifying and resolving the issue.

    So essentially, you have stated in a legal document that you can prove your claims. If Company B deny payment after releasing the details, they're in direct violation of the terms of the contract and therefore subject to legal action from Company A.

    The situation benefits both parties. Company B can be satisfied that proof will be provided before any sort of payment, as i'm sure any company would want knowledge of 10% loss of profit and pay well for it. Company A are happy because once they release those details, that payment will be forthcoming as they meet all the terms of the contract.
     
    Last edited: 26 Apr 2009
  10. hodgy100

    hodgy100 Minimodder

    Joined:
    2 Jun 2008
    Posts:
    287
    Likes Received:
    1
    This whole thing is wrong :/ it's like someone finding out how to exploit your bank to get into your account and then they demand payment before you will tell them how to get it sorted out :/

    You should just tell them, if they deem it necessary they will credit you :/
     
  11. freedom810

    freedom810 Minimodder

    Joined:
    3 Dec 2007
    Posts:
    592
    Likes Received:
    2
    I thought this too, recently found a code that allowed me to get £30 off anything lol.
    Didn't use it though and now it's stopped working, seems like a buggy site tbf.
     
  12. julianmartin

    julianmartin resident cyborg.

    Joined:
    25 Jul 2004
    Posts:
    3,562
    Likes Received:
    126
    "they" being these companies you speak of, not you specifically.

    I wouldn't expect one of these companies to go "oh, we're going to sell the information if you don't pay us", but retailers or whoever are pretty much cornered into the situation when they are approached by one of these fault finding firms aren't they? If they let it go and just say we don't have enough money to pay you to tell us what it is, then the retailer runs the risk of said exploit getting out in the public. It's obviously not direct extortion as otherwise these firms would be prosecuted left right and centre, but it's hardly like the retailer has a choice is it?

    And I'm sorry my comments are so insulting and inflammatory...i guess my opinions on this matter, which from the start were probably rather devolved, are not allowed to change in light of the information you've given me?

    I think you think i'm being very literal in what i'm saying - i'm not - i don't care about this issue enough to get that worked up about it. I'm fully aware what constitutes as contract law, and had assumed the thing you just condescendingly described was the case between these companies - to be honest, it was pretty damn obvious.

    You forgot the aspect of this quote

    which is

    THAT, is the point i've been trying to get across to you. All of what you have said is under the assumption that the subject company agrees to pay them money because they actually believe them in the first place - which I fully understand and don't disagree with.

    HOWEVER! What if they can't afford it or are in no position to warrant that cost? They then run the risk of this error in their software or marketing strategy being exploited over and over - it's only down to this error finding company's WORD that they aren't going to go and do that? Therefore - they pretty much HAVE to cough up the money, there are very few other solutions.

    It just seems harsh, that's all.
     
  13. Ryu_ookami

    Ryu_ookami I write therefore I suffer.

    Joined:
    11 Mar 2004
    Posts:
    3,409
    Likes Received:
    158
    Fixed the List :D:thumb::D
     
  14. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    You're playing devil's advocate, which is pointless. You're basically saying 'What If' they exploit the other company.. Which could be said about ANY company in ANY industry. A rather lame and silly attempt to prove a point.

    If the company has no ability to pay for the said information, then it's.. Tough... Just like many small software companies around the world who can't afford or invest money into a good Quality Management System, or the staff to implement it. If they're creating software, they understand the risks and dangers of that software becoming problematic if not properly reviewed. Not exactly mine or any other company's fault that they try to cut corners, or our responsibility to help them out. They're a large national retailer, they should have known better. Sure, all software eventually has bugs within it. You can't do what is called 'Exhaustive' testing as it's not cost effective. But if this was at my work, this would have been highlighted in a hazard analysis and re our procedures - preventative action taken and documented to stop it from happening. In fact at my work, this probably wouldn't have even reached my desk. Developers would have discovered it per their coding procedures and unit testing.
     
    Last edited: 26 Apr 2009
  15. Burnout21

    Burnout21 Mmmm biscuits

    Joined:
    9 Sep 2005
    Posts:
    8,616
    Likes Received:
    197
    All this writing and not a single post by Nexxo yet, I'm shocked! ROFL!
     
  16. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    Hehe :)

    If they manage to discover the retailer's website in question, they're gonna have to complete an order and buy something to actually find the error. ;)
     
  17. danwood76

    danwood76 What's a Dremel?

    Joined:
    21 Apr 2009
    Posts:
    5
    Likes Received:
    0
    You realise if you were to email them and try to extort money from them they will probably just ban you from their site and stop you from being able to abuse their system.

    So in retaliation if you were to release it to the public they would soon find the flaw anyway.

    Basically you can't win either way!
     
  18. Turbotab

    Turbotab I don't touch type, I tard type

    Joined:
    4 Feb 2009
    Posts:
    1,217
    Likes Received:
    59
    He was buying an iron-clad keyboard, when he discovered a flaw in the site's coding, that gave him a big discount. He is now locked in a huge philosophical debate with himself, it could get messy:)
     
  19. julianmartin

    julianmartin resident cyborg.

    Joined:
    25 Jul 2004
    Posts:
    3,562
    Likes Received:
    126
    Well I'm sorry for trying to look at it from the subject company's point of view.

    It's still cornering them into it...and also not far off hacking when you think about it.
     
  20. AndyDEL

    AndyDEL What's a Dremel?

    Joined:
    22 Oct 2005
    Posts:
    482
    Likes Received:
    4
    Well hacking is different not only by its intent, but also by its general definition. So not close to it at all.

    You're looking at it from the other company's view, but with the assumption that the other company would purposely try to exploit their position.. When in reality, as said. This could be done to any company, within any industry. Whether it came to a supplier abusing their position at peak retail season by withholding stock or a solicitor filing frivolous claims against small companies to gain quick settlements etc etc, the list could go on and on. It's basically an attempt to add a vague and unscrupulous element to your argument, when none exists, and if it does.. Is quite easily handled through legal channels.
     
    Last edited: 26 Apr 2009
