Vulnerability-disclosure policies (VDPs) can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws. Security researchers still face legal action for hacking when reporting bugs they find. Giggle, a social network for girls, recently reported a privacy flaw to the social network. The bug that DI found would allow unverified attackers to trivially access this personal information on the platform from anywhere. The company has also been threatened with legal action though it s unclear what the allegations will be.
Source: https://threatpost.com/giggle-managing-expectations-vulnerability-disclosure/159039/