Commentary: Five Things Not to Do When Discovering a Biosecurity Vulnerability
IBBIS Executive Director, Piers Millett, outlines 5 things not to do if you discover a vulnerability in a gene synthesis screening tool. His thoughts were published online by Applied Biosafety in April 2024.

Tools, like the Common Mechanism, to screen orders submitted to companies synthesizing nucleic acids or machines that can synthesize them are vital to help ensure the building blocks for pathogens, toxins, or other biotechnology that could cause harm are kept in the right hands. Anyone finding ways to circumvent this screening needs to be responsible in how they share this knowledge.

Piers argues that it would be worrying if someone discovering a vulnerability in a nucleic acid synthesis tool was to:

  1. publicly release it without a “patch,”

  2. set an impossible timeframe to patch it before public release,

  3. refuse to report it without a reward,

  4. test it on a tools without the developer’s/operator’s consent, or

  5. create a real biological hazard while exploring hypothetical biosecurity vulnerabilities.


IBBIS is interested in working with others to develop procedures and practices for responsible vulnerability reporting. IBBIS believes:

“It will be a much harder challenge to develop a parallel set of behaviors desirable in such circumstances. This is a process that should start now. There will soon be a need for a safe, balanced, and reliable reporting infrastructure.