Couldn't the product itself disclose to the vendors?
No firm in the world would use a vulnerability research product that automatically disclosed to vendors.
No firm in the world would use a vulnerability research product that automatically disclosed to vendors.