Vulnerability Disclosure: What are the legal and ethical issues governing the disclosure of a vulnerability by an independent technical person (e.g., cyber researcher). See this paper: https://www.eff.org/issues/coders/vulnerability-reporting-faq. What are the legal obligation of the government if they come to know about a vulnerability? Can they corner the vulnerability market and exploit a vulnerability against an adversary. See this paper Dorothy Denning: https://learn.umuc.edu/content/enforced/111374-022073-01-2158-GO1-9040/DDenning.pdf?_&d2lSessionVal=hDspQFvvJP69gBZD9LTeVUUTl.
Attack Disclosure: What are the legal obligations (as well as protection for sharing) of companies about attacks on their systems and possible future attacks and vulnerabilities? Who should they disclose to: government, users of their systems who were affected by the breach and investors? See