Security researchers often find themselves in for a rough ride (legally speaking) when they try to report holes that they have found. This new effort <https://arstechnica.com/information-technology/2018/08/new-open-source-effort-legal-code-to-make-reporting-security-bugs-safer/> tries to put together a clear framework so everybody knows exactly where they stand. Of course, the next step is to get various organizations to adopt it.