A responsible disclosure policy is the release of details surrounding IT security vulnerabilities after a certain amount of time has passed. How much time depends on who has the information and how serious the potential threat is. There is a lot of room to move on the issue of what is responsible and there is no general agreement on the ideal release schedule. Telling malicious actors which pieces of code are vulnerable is like giving robbers keys to the bank vault, experts say. The real sticking point for IT security is collaboration, but many dont reach out to other agencies for help.”]