Originally Posted by vspec
People who write viruses are only half of the problem.
The other half is internet security companies and antivirus companies who release the exploits and how to use them out into the wild.
That's just silly and ignores how the system works. The standard convention is that researchers and security companies privately warn the affected beforehand to give them time to patch. Then after a set amount of time, they publish.
This benefits the researchers since they get credit for their work (or else how would they get paid and who else would do the work?).
This also benefits the public because then they can FORCE companies who did not patch to do their job.
If researchers don't publish, exploits may continue to be unknown to the public... but they still may be known to the black hats.