When a researcher discovers a new vulnerability, they could publish their findings. They could also notify the manufacturer and hope to be heard. On the other hand, the manufacturer could file a lawsuit against the researcher to silence him or her or contact the FBI to file a criminal complaint against the researcher. That could lead to jail time.
This is where Responsible Disclosure comes in. Responsible Disclosure is an Information Security term for disclosing a newly discovered vulnerability to the manufacturer and allowing them a specific amount of time to patch or remediate the vulnerability before the researcher publishes his or her findings. This allows the manufacturer time to conduct their own testing and develop a remediation plan while still allowing the researcher to claim the credit for discovering the vulnerability. Even with Responsible Disclosure, the researcher is putting himself or herself at risk by contacting the manufacturer directly because the manufacturer could turn around and press charges against you. That is why having an attorney make the disclosure on your behalf is important. An attorney can provide the manufacturer with all the information and testing results without being forced to reveal the researcher’s identity. RobbLAW is ready to help.
As with any Attorney-Client relationship, once you have hired RobbLAW as your attorney, anything you share with our staff will be kept strictly confidential under Attorney-Client Privilege.