Software of any complexity always ships with bugs. Given our reliance on a staggeringly complex web of data and services, how do we, and how should we, deal with these security vulnerabilities when they are discovered? What are the social, legal, and ethical norms around discovering and disclosing software vulnerabilities? This session is a guided tour through the semi-secret, often misunderstood world of vulnerability research and development and how it affects your life and business.