Belgium launches nationwide safe harbor for ethical hackers (portswigger.net)
164 points by raphinou on March 3, 2023 | 23 comments


> Do not publicly disclose information about the vulnerability and vulnerable systems without the CCB’s consent

This one would be a sticking point for me, personally. When disclosing vulns, I am extremely reluctant to relinquish control over who I tell and when. I wonder if participation in this mechanism could increase one's overall liability.


This makes it sound like they're fishing for some zero-days.


I don't think so, they require you to also tell the author as soon as possible, if not before.

I'd think notifying them as soon as possible and asking them for permission for publicly disclosing would let them protect you more efficiently.


If they wanted zero days they would just buy them, like everybody else does.


Well they are paying with protection


You presumably retain the ability to control disclosure about vulnerability research you conduct against authorized targets; the most common class of authorized targets is "software you run yourself, in settings where vulnerabilities don't involve talking to other people's computers/servers".

Where people get into trouble is when they authorize themselves to conduct research against other people's computers. If you want firm control over the disclosure of your vulnerabilities, find other people's computers that authorize testing, or test your own computers.


I guess this only applies if they pentest a Belgian institution? Otherwise they would be prosecuted right after they leave the country.


Basically yes. "any systems, networks, or applications located in Belgium".

Of course you might still be prosecuted outside Belgium, e.g. if you pentest an Oracle setup in Belgium, and Oracle takes issue and files charges against you in the US. But that is less likely to happen or succeed.


Maybe they can invite Snowden over then?


Ah yes, Snowden going to Belgium, headquarters of NATO. Surely he'll be safe there from the US reach and not get deported. /s


Snowden isn't in legal trouble over vulnerability research.


It would be a nice gesture. I'm not sure how he would get there safely though. Planes have a nasty habit of being forced to land somewhere en route in these situations.


As long as he can get into the Schengen region, he can get to Belgium in a van without any paper trail.

I'm not advocating illegally entering any eastern EU countries, nor suggesting that it is easy, but from a physics standpoint it doesn't occur to me as exceptionally impractical for a determined and resourceful actor with international support, considering the mountainous terrain of Hungary, Estonia, Latvia, etc.


Who would use it/move there?

Considering taxes in Belgium are the highest in Europe and almost the highest in the world.


It's only high for regular income. Belgium does not have a capital gains tax. If you start a company, it does well, and you sell it, you pay zero taxes.

Similarly, when you receive stock options after joining a company, you get taxed immediately, but you don't pay taxes when you exercise them. That's really backwards when you join an established company (because you'll pay taxes on something that might actually be worth nothing), but it's fantastic when you receive stock options in an early stage startup, with options that are worth pennies.


> It's only high for regular income

That's almost everyone? :P

---

Ethical hackers aren't companies that will sell their company here.

I don't know any company who gives stock options here, it's not a thing.

Dividends get taxed at 30%.

If you get a bonus from work for delivering, taxes are normally so high that the bonus looks low.

What you're saying is basically: it's great when you're rich.


FYI: dividends in the US count as regular income. For higher incomes, they get taxed significantly higher than 30%…

I thought it was pretty obvious from my comment that the Belgian tax system is very favorable for businesses and their owners…


For businesses and selling yes.

This has a very high risk of associating your business with your private life in case of bankruptcy (to pay less taxes).

Additionally, I know an owner that put his wife as boss instead of him for tax reasons. So tax optimisation is very very complex here, another disadvantage.


And stock options of your own firm to employees still need RSZ contributions.

So that's expensive too


Are tax rates the most important factor for relocating to somewhere? Might want to look at what you get in return for those taxes.


Weather ain't great either.

You're getting a lot back if you're unemployed and actual Belgian though.

Some people aren't even working because the difference between working and not is too low.

And if you're ill, you don't have to worry about finance too...

That's it


It's even worse. At minimum wage, the cost of commuting and daycare are more than the diff of work and unemployment.

So what's enticing those people to go back to work if it literally costs them money?

And I don't mean to say that unemployment must go down. On the contrary, at minimum, it must be beneficial to go to work. So minimum wage must go up.

Problem is that then unemployment will go up too, as that is tied to minimum wage.


Unemployment benefits shouldn't be unlimited in time.

For the rest, I agree.



