[Golden Eagle]

Imagine if I found a serious defect in a baby car seat model and could not make it public without the OK of the manufacturer? sure my butt would be covered but that would be little comfort to someone who lost a baby in the time it took me to report it to the company and the company decided whether is was worth it to recall or take the risk of being sued. Why should a computer system be any different?

Because, the fault in the baby seat cannot be used by criminals to steal from or destroy others, purposefully. The baby seat requires an arbitrary accident to occur, but doesn't invite others to crash into the car to invoke it, whereas the disclosure of a vulnerability or hack does encourage those who look for such things to plan to use them immediately on unsuspecting innocents.

[N3WBI3]

whereas the disclosure of a vulnerability or hack does encourage those who look for such things to plan to use them immediately on unsuspecting innocents.

And the non disclosure of such a hack keeps people from knowing there system is open for attack when that hack may already be know by thousands of criminals! Its pure stupidity to assume because I one does not tell the general public about a vulnerability the hacker community wont know about it. Hell, if I was a black hat hacker I would *not* want the bug disclosed to the general public. The longer that only the vendor knows about it the longer I have a victim set completely unaware their house has no front door!

The argument that when we make something illegal criminals wont have it is the same argument gun grabbers use. But the truth is when we take away information about system vulnerabilities from people *only* criminals will have it!