Hi Roger,

As you mentioned - WabiSabiLabi tells us that they will not sell to the bad guys and that they check the identity.

We all know for the matter of fact - it is just take few mins to create identity. We need to keep in mind that bad guys can do anything dirty to cause any harm. They don't care for ethical and unethical stuff but we do.

If any security researcher finds any vulnerability - i think he should notify the vendor first as you said.

Cheers

Shoaib