It is allowed (generally but maybe isn't allowed on SN specifically) what do you mean? Do you have the definition of ethical hacking misdefined? Do you mean SN specifically should have an bug bounty for ethical hackers?

Part of the ethical hacking process is getting permission from the system owner (with a defined scope of what you're going to attack). If you skip that step, you aren't an ethical hacker.