As ransomware attacks and zero-day vulnerabilities continue to dominate headlines, security professionals are lamenting the sizable gulf that remains between those who want to share information and those tasked with protecting the company legally.

Incidents including the spate of ransomware attacks on companies around the world as well as critical bug disclosures have led to calls for private companies and government agencies to not only strengthen their internal security practices, but also better engage with outside researchers who can assess networks from a fresh perspective and sniff out critical security flaws.

“Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack,” White House adviser Anne Neuberger wrote in a recent memo to companies. “Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.”

Despite these efforts, however, many in the security research community continue to be frustrated with the legal walls that prevent them from sharing their findings with both other companies and the outside world.