The security research community would run you out on a rail if you tried to take a successful research product and attach mandatory disclosure norms to it.

Couldn't the product itself disclose to the vendors?

No firm in the world would use a vulnerability research product that automatically disclosed to vendors.
