The discovery of a number of what have been described as serious vulnerabilities within industrial control systems built by manufacturing giant Siemens AG has raised questions about how the nature of vulnerability disclosure should — or shouldn’t — change when it comes to the security flaws in industrial systems. Experts say the rules of disclosure for SCADA vulnerabilities are not much different than with traditional software. “There are essentially no rules, if you are a white hat, you generally follow guidelines, but there’s nothing forcing them to do so,” says Pete Lindstrom, director of research director at Spire Security.”]