Wait, what if a hacker found an exploit and then published it without giving the company a chance to fix it?