How does it affect a normal person who's a user of a product if somebody who's a security researcher has reported a vulnerability to that company and the company never fixes it?

Mm-hmm. Well, I don't know about you, but I'm one of the hundred and forty-three million people that lost my personal information and credit history when Equifax decided not to patch a single vulnerability in their servers. Behind every data breach is a story, and that story is either that people didn't know something was wrong, or people knew something was wrong but they de-prioritized the fix for it, not understanding how severely it could impact them and consumers and the people whose data they're storing.

You talked about a coordinated vulnerability disclosure. So who's coordinating, and what's being coordinated?

When we talk about multiple stakeholders in a vulnerability, one of the things we're talking about is not just the people who found it and the people who need to fix it, but also the people who are advocating for the consumers who may be affected by it. That's how you'll get situations like the FTC stepping in to have a conversation or two with companies that have repeatedly failed to fix major vulnerabilities in their systems when they're protecting consumer data. The EFF is a great example; it tends to want to protect a larger community of people: not just the researchers, not just the people working at the company, but all the people who are impacted by a vulnerability.

So a security researcher finds something that's wrong and reports it to a company. The company's incentives need to be aligned with the idea that they should be fixing the vulnerability, not suing the researcher into silence.