[viccis]

I'm in the security industry, and this is absolutely correct. There are definitely many who carefully release PoCs when appropriate (giving vendors enough time to patch, etc.), but a LOT of these tool releases are done mostly to show off how smart we are and get clout. You see this big time every summer, as researchers all scramble to get a Defcon tool talk slot with some new thing they wrote, before immediately abandoning it post-con.

Obviously, it's not like anything can or should be done to change this, as it's mostly just human nature, and keeping the security industry capable of operating legally and in the open is paramount. But sometimes people just wanna brag. And they get big mad about it and sputter about how literally any possible end justifies literally any actual means if you point it out (see: the other person responding to the top level comment lol)