by spectistcles 3364 days ago
You're taking an unknown known and making it a known known.

I'd rather an exploit stay secret so there's a chance that someone doesn't use it against me, rather than telling everyone the exploit and hoping someone fixes it fast enough.

Disclose it to the company, and give them a hard time limit.

2 comments

The opinions of people who work in the industry, whose reputations are on the line, are strongly aligned toward immediate disclosure for fairly persuasive reasons (see elsewhere in the thread). It makes us all safer to do so, for example, because you have the option to stop using the affected software.

Disclosing with a hard time limit is what project zero day does, no?