For the curious, this link was suggested by tptacek in an earlier discussion of vulnerability testing and reporting as recommended reading for knowing what the practice guidelines are to reduce risks of breaking laws / being sued / being fired.<p><a href="https://news.ycombinator.com/context?id=30707226" rel="nofollow">https://news.ycombinator.com/context?id=30707226</a>