by Kalium 3418 days ago
It also affects professionals who read CVEs and posts to full-disclosure to learn what mitigations are available. Those tend to be the people responsible for protecting whole networks, who are capable of deploying Snort signatures or roping off vulnerable boxes. Or just people who appreciate knowing that their servers might be vulnerable. I've been in a couple of those positions.

The standing assumption in security is that for any given vuln, the black hats already know. This is a defensive assumption, stemming both from the general unknowability of the subject and the frequent occurrences of it actually being demonstrably true. It's the devs who need to patch software under intense pressure, and the product organization that sets their priorities, and the growth hackers who just want things shipped now whose priorities could perhaps stand to gain from a little adjustment.

I've worked places where engineers would have welcomed that sort of outside pressure.

To put it another way, I do not believe that keeping people ignorant keeps them safe. I fully understand why some people might prefer to believe otherwise.