[count]

I'm not making the argument that the keys are available already - I'm making the argument that the vulnerability has been previously disclosed, and that VW has done nothing about it. In fact, they have discounted it.

It's easily ethically defensible - there is no moral imperative to keep the knowledge of something secret which may cause injury to others by being kept secret. In fact, just the opposite. VW is in an ethically indefensible position, as they are in the position of selling vehicles with systems marketed specifically as 'secure' that are, in fact, not secure at all; a fact which has been known to a smaller community (and VW) for over 4 years. THAT is ethically indefensible.

Sometimes, publishing details in a painfully easy to reproduce manner is the only way to get a company to FIX the problem, which is the point in all of this. For a great physical analog, see the 'pen and u-bolt lock' trick. It wasn't until a Youtube video appeared showing just how ridiculously easy that lock was to break that the company updated it's design and fixed things.

[aneth4]

So your making the argument that enough time has elapsed in which the car maker could have fixed the problem. In other words, you are not making an argument supporting publishing freely and immediately. You are implicitly supporting restraint for at least as long as some subjectively determined time it should take for the manufacturer to fix the issue, and support publishing as a method to pressure the manufacturer. This is entirely different from supporting free speech at any cost.

You then go on to say there is no ethical imperative to withhold information that may harm others, which is both wrong and contrary to your prior implication - that publishing is ok after a window has passed for the issue to be resolved.

This reasoning is contradictory and flawed.