It's questionable, and doing it wrong can get you sued or worse. Here's [1] EFF advice on it, but as usual, getting a lawyer knowledgeable in the area is your best bet.

Most people who publish play with fire, but have learned some boundaries, making it somewhat safe.

[1] https://www.eff.org/issues/coders/vulnerability-reporting-fa...

