The value of vulnerabilities
There is value in finding vulnerabilities. Yet many people believe that a vulnerability doesn't exist until it is disclosed to the public. We know that vulnerabilities need to be disclosed, but what role do vendors have to make these issues public?
"There are no guarantees, and therefore I think it would be pretty naive to believe that the person reporting the issue is the only one aware of its existence."
All of this is pretty frightening don't you think?