An Argument for Full Disclosure
No matter who finds a bug or what software/product it’s in, Full Disclosure is the only method that can ensure that the right people know about it without too much hassle. With Full Disclosure,
1- The holes get fixed. Isn’t that what it’s all about?
2- Such vulnerabilities can’t be abused by morally-challenged people.
3- It allows end-users a chance to back up their databases and take preliminary steps toward securing their sites.
4- It provides the affected companies with a solution. If the exact bug, the associated steps to reproduce it, the affected files/code, and the extent of damage are reported, there really isn’t much left.
5- It embarrasses the company into taking immediate action and better care.
6- You get the credit you deserve for finding the flaw!
Read the original post.