Disclose.io provides a clear legal framework to protect organizations and researchers engaged in vulnerability disclosure programs. The goal is to protect those engaged in good-faith security research from legal action.
The disclosure this week of several new vulnerabilities in AMD chips--without any technical details--has again raised concerns about the way some researchers choose to deal with vendors on vulnerability research.