> I wouldn't trust anything like that in Germany [...] Hacking is illegal, so if the police find out you hacked and can prove it, they will arrest you and you will be convicted, period.

This is rather hilarious to read as a reply to someone whose day job is literally hacking in Germany. We document it for tax reasons and sometimes are even allowed to publish it, too! Besides paying clients, we also "hack" (read: help secure) projects and blog about the vulnerabilities we've found and what the disclosure timeline was

Clearly this doesn't work as a blanket statement and coordinated vulnerability disclosure is a thing here. I can agree there are caveats but the statements as made aren't accurate

As for dealing with the government, so far as I'm aware, none of us have had bad experiences with the German IT security agency (BSI) whenever a vendor was being uncooperative (healthcare vendors tend to be very, let's say, German about whose responsibility it is when their device sends genital pictures over a network with no encryption or authentication option available in the software)