They didn’t release anything into the wild. It existed. The irresponsible thing would be letting it keep existing without telling anyone.
You cannot deny that telling the entire world about this vulnerability before it is patched won't cause a lot of abuse that would not have happened otherwise.
I do deny that, mostly because we’ve entered the time of automated vulnerability detection and abuse. A human need not be in the loop at all anymore.
But, even if I agreed with you, how do you propose they tell the patchers this in a way that doesn’t tell the whole world?
Why not?