Work: More people will work more time from home and many firms will switch to virtually full time remote with limited physical gathering. This will decrease the cost of office rents and alter the work/life balance. It will affect wages because people can live outside of city centers and still work so companies will pay less. We may be on the cusp of US government guaranteed sick leave.

Travel: People will, for the short term, do less travel for pleasure, but the big impact, long term, business trips will decrease. More and more business meetings will be replaced with voice and video conferencing. There was no big driver other than some cost reduction here, but now safety and security will be the big drivers here. Global pandemic concerns (prevention, containment) will complicate travel to varying degrees, and in a way that most US citizens aren't used to - it will affect interstate travel, not just trans-national travel.

Entertainment: Many of the sports that have been deferred or canceled will likely be replaced with other forms of entertainment that can be viewed on television or the Internet. Fewer people will go to live performances, both because they can't (cancelled by the government) and reluctant to after COVID clears. This will affect service workers - where most of the lesser skilled jobs have been created in the last three decades.

Security: Security will no longer be seen as just a physical access control concern. Business has been preparing over the last two decades for the eventuality of global pandemic - now they can put those plans into action, and the impacts of them will cascade into personal lives. US citizens will be demanding more from their government in disaster preparedness on pandemics - it will affect travel.

All of these tie into how US citizens see their relationship with their government, and what they demand from it.

Not every desirable activity in life is profitable. If your business plan is "make website -> get money" then perhaps you're in the wrong business.

If MLB could replace all of the players with robots that played a game simulated on a computer, designed to play out a storyline as a drama instead of a legitimate competition, and make more money doing it then they would in a heartbeat and not lose a wink of sleep over it.

Perhaps I would take them seriously if there was an escrow account companies paid into and was released to the reporting party when a plurality of multiple, disinterested parties agreed that the report was valid.

Note: I didn't say that I would do this for every company. Just ones that use HackerOne. They have decided to abdicate their responsibility for their security vunerability reporting, and I feel completely justified in dumping info on their vulnerabilities.

Releasing the details of a vulnerability is not stupid. The users of the software/service deserve to know the data/service they're using is unsafe when a vendor refuses to act on a valid security issue

>If you disclose a vulnerability, the company HAS EVERY RIGHT to sue you.

You don't need the right to file a lawsuit to file a lawsuit. You just file the lawsuit. Now, you need an actual, actionable claim to prevail a a plaintiff in a lawsuit. Whether such a thing exists in practice is something we leave to lawyers to argue about and judges/juries to decide.

If your company is in a competitive industry and I release the details of a vunerability in your software and you sue me then that vulnerability and lawsuit becomes marketing item number one for all of your competitors.

>this is why these bug bounties and established ways of notifying the company of the vulnerabilities exists

Arguably why they exist. In reality, they tend to exist to give people an incentive to not dump the vuln details on the black market, embargo bugs so customers don't leave, and attempt to maintain a good relationship with security researchers. They do not grant immunity from being sued or somehow grant the legal right for security researchers to do their work as your comment seems to indicate.

Your post reads like propaganda from a bug bounty organization. I'm not saying that you're shilling, just that you're misinformed. In the US it is generally legal to conduct security research. In the US it is legal to communicate the results of that research publicly so long as you have not agreed in some contract to not do so.

Where did you get the idea that legitimate security research is a crime?

I wish I could define what is and isn't a bug in my code at work. My defect rate would be incredible.

Suing someone for disclosing an actual bug is a long term losing proposition for any company in a competitive industry.