Contrast Security’s Jeff Williams talks about disclosure, bounty programs, and vulnerability marketing. The first set of discussions focus on disclosure and how pending regulation could impact it. Williams: Disclosure hasnt tilted the market towards more security products in 20 years, and its not going to. Disclosure creates the illusion that security research and disclosure is a substitute for security engineering and analysis, which it is not. The goal is to minimize the overall amount of damage that can be done with a vulnerability.”]