@jerry I'm hopeful here but cautious. In this specific case, there's no doubt I would be unprotected - someone did something unethical, and the DOJ will find out who.
In the other cases I've handled - private, public, or advisory - I would almost certainly be guaranteed protection from DOJ prosecution now (though I remain unprotected from other litigation, e.g. state-level laws). That said, for any protection at all to be offered is a big step and worth acknowledging.
The whole posture around information security is just generally upside-down, I feel.
Media focuses on blaming scary for cases of gross incompetence on device vendors' part; LEA is hell-bent on prosecuting security researchers for disclosures; and three-letter agencies weaponize vulnerabilities and then lose cabin pressure, leading to WannaCries and NotPetyas.