Curious, do security researchers typically liaise with the FTC when vulnerabilities are discovered? This and your parent comment seem to imply a 'yes' but this doesn't seem like an obvious connection (to me at least). I would expect the first point of contact at DHS to flag this for other agencies' attention if they felt it was necessary. Should DHS feel territorial about this and be reluctant to contact outside agencies that's on them, not the researcher.
I wonder if many security researchers know to routinely shop their findings to multiple agencies independently. It doesn't seem like this is common knowledge.
DHS is a law enforcement agency, which regularly uses surveillance techniques, some of which exploit security flaws in devices and software. When you share information about security flaws with DHS, you're sharing them with ICE and the Secret Service.
The FTC, in contrast, is a consumer protection agency. They don't kick down doors and they don't arrest people.
And yes, many security researchers have shared their prepublication research with the FTC.
I wonder if many security researchers know to routinely shop their findings to multiple agencies independently. It doesn't seem like this is common knowledge.