9

I recently discovered a way to bypass a commonly used security seal system, requiring no special equipment and taking only a matter of seconds. I feel obliged to disclose this, so as to avoid the possibility of users of that seal system harbouring a false sense of security.

I would use CERT's Vulnerability Reporting Form, but that is only intended for software vulnerabilities.

Is there an equivalent responsible disclosure system in place for the physical security industry?

sampablokuper
    Attempt to contact the security seal manufacturer directly. If that fails try e-mailing the International Seal Manufacturers Association (ISMA) http://www.ismasecurity.com/Contact-Us.html – this.josh Jun 01 '14 at 08:26

1 Answer

9

First of all, set your expectations appropriately:

The physical security industry isn't quite like the information security industry. The probability that they don't already know everything you figured out is pretty slim. They may have even known about your technique before they went to market.

By assuming you have something novel, how do you realistically expect them to react? Would this mean simply retooling their process? Inventing a new sealing technique? Shutting down entire companies?

Physical security isn't perfect. It isn't even good. Not in comparison to what we have in IT. For example, lockpicking technique has been well understood for literally centuries, but most locks on the market today are still highly susceptible.

By going public you're guaranteed to make people mad on both sides. But the only way you can even hope to improve things is to present not just the problem, but also a commercially-viable solution. Then press the solution, not the problem.

tylerl
    The manufacturer is currently promoting it as a highly secure product, so either they don't know about the vulnerability, or they are behaving in a manner so unethical as to be indefensible. If informed of the vulnerability, I would expect them, at the very least, to stop promoting this product in that fashion; better still, they could issue a product recall. The manufacturer has other revenue streams, so I doubt very much any companies would need to close. – sampablokuper Jun 02 '14 at 20:39