We would find it unacceptable for grading in a college-level course to be done by multiple TAs without any rubric or common guidelines. Why is it acceptable for our career-affecting review process?
There are millions of viruses, etc., in the wild today. Countless new ones are devised by black-hat hackers all the time. In order to proactively defend against new exploits, some white-hatters seek out or create weaknesses or vulnerabilities and then devise fixes for them. However, in some cases, such as Spectre, fixes are not readily apparent, either to the inventor or the vendor of the target software or hardware. Regardless of the existence of a fix or not, the question arises as to what to publicize or disclose about the vulnerability. We argue that no public disclosure should be made at all, until and unless the exploit appears in the wild.