A researcher was prosecuted in Australia for identifying and disclosing a vulnerability in a bank’s website. The disclosure process was done by the book, and yet the bank reported the incident to the police. Vulnerabilities exist whether they’re identified by white or black hats and yet cybersecurity legislation seems to still be in its early stages. What should change and how? Join to discuss.