Check out my groundbreaking research. I smashed windows on 20 buildings and took cash out of their registers. In order to fix this vulnerability, I suggest you make everyone who passes by your building sign this piece of paper saying they won't smash your windows and take your money. I will happily receive your nearest Nobel prize now, thank you.
Signed, UMN Researchers.
Edit: Wait, the cops are here. We sincerely apologize for any harm our research group did to your business. Our goal was to identify issues with the windows on your buildings and we are very sorry that the method used in the “smashing windows to take cash” paper was inappropriate.
Related: there's a reason the Certified Ethical Hacker course places such emphasis on getting written permission before doing anything.
If you're messing with someone's systems, or (as in this case) with someone's processes, you don't get to claim to be the good guy unless they agreed to it before the fact. It's not rocket science.
What exactly is the value? How did you come to it? The pay rate of people who would be working on the software regardless of the MNU boondoggle, is not wasted anymore than any other day is wasted. This is part of development. Dead ends, circling back, accounting, maintenance, et al.
> I think the cash theft is analogous to the dev time the researchers wasted.
That's a fantasy that developers would like to believe because they put an inappropriate valuation on the the time spent on software. The inability to face this, has been disturbing from the start.
Signed, UMN Researchers.
Edit: Wait, the cops are here. We sincerely apologize for any harm our research group did to your business. Our goal was to identify issues with the windows on your buildings and we are very sorry that the method used in the “smashing windows to take cash” paper was inappropriate.