I have traveled far and wide, believe me when I tell you that the principle of responsible disclosure and the protections we think should extend to those who engage in it do not really exist in other places. The notion is precious, taken for granted by some, feared by others. 1/

Precious because the notion makes us all more secure, precious because it undertakes unprofitable work that business cannot, precious because it teaches our young how to go about *their* business, and precious because it creates an environment where we reward good security. 2/

We sometimes take the notion for granted because increasingly organizations have learned to do the right thing, they have learned what is good for them. We take for granted that others will recognize our good work and thank us for it but we are fools to think the world agrees. 3/

It is feared by those who are lazy, those who become complacent, those who fail to recognize the real threat to their enterprise, and those whose pride or shame somehow manage to override their honest common sense. It is feared by those who were caught slipping and feel shame. 4/

Defend the notion of responsible disclosure, defend those who engage in it and lift them high. Blessed are those who choose to do the right thing and put the common good ahead of personal gain, protect them when you can, defend when you think it's right. Blessed are those who do.