The security research community would run you out on a rail if you tried to take a successful research product and attach mandatory disclosure norms to it.

▲

VladVladikoff an hour ago | parent [-]

Couldn't the product itself disclose to the vendors?

	▲	tptacek an hour ago \| parent [-]
		No firm in the world would use a vulnerability research product that automatically disclosed to vendors.