An open letter to security researchers and practitioners