I (we) would obviously prefer the professional person who is doing good for society. The problem is, this behaviour isn't good for them. I am not an expert or anything but from what I know, pentesting without explicit prior permissions can easily lead to huge lawsuits. I would rather that the careless people get their cars stolen than the good people all lose heart completely.
Sure there is no perfect solution here.
I guess it’s a good idea to only pentest companies that do have a bug bounty program and an expressed interest in you pentesting.
While I enjoyed the article that GP referenced and agreed with most thing I thought the “hacking bad” take was a bit off.
Which one do you prefer?