Wired has published an article about the pros and cons of early and full disclosure of security flaws in software. Proponents argue that full disclosure pressures vendors to ship patches and alerts users to the problems so they can protect themselves against holes that hackers probably already know about anyway. But when is full disclosure too much? Some say that publishing working malicious code can needlessly hand crackers step-by-step instructions for causing damage. At issue in particular is an IE 5.5/6.0 exploit that allowed a script embedded in a web page to erase the user's hard drive.
Check out the article here.