Why publishing exploit code is *generally* a bad idea if you're paid to protect
Update2: Further proof that people are abusing this in a wide scale and likely wouldn't have had the exploit code not been released. Update: I've clarified a few points and added a few others. Recently Tavis Ormandy (a google employee) discovered a security issue in windows, and days after notifying Microsoft published...