According to a survey conducted at the 2018 RSA Conference, 32% of respondents believe that researchers do not need to wait for a fix to disclose a vulnerability, while 25% think vulnerabilities should not be disclosed without a fix. Nearly half of respondents think vulnerabilities found by security researchers should be disclosed to the vendor first before public disclosure, but 36% think disclosure should only happen in partnership with security experts. Over half of respondents think proof-of-concept code should be disclosed along with vulnerability reports.