Press release: “Software security researchers can disclose vulnerabilities almost to their hearts’ content. Web security researchers, on the other hand, can go to jail for merely looking for a vulnerability, much less disclosing one publicly. The inaugural report of CSI’s new working group explains why, and whether the legal climate is bad for the Internet.”