tsamsoniw writes: Fed up with companies failing to address security holes fast enough, white hats are turning up the pressure by quickly making the vulnerabilities public. First Goatse Security made public thousands of email addresses of iPad users that it swiped from AT&T's Web site — after AT&T failed to disclose the data theft fast enough. Next a Google security engineer publicized an exploit for Windows XP — which is now being used widely — after deciding Microsoft was moving to slowly to fix the problem. In both cases, the Goatse and the security engineer are claiming they did what they did for the greater good: Though their actions put users at risk, it forces the offending companies to worker faster to fix the problem. Do the ends justify the means?