Two types of disclosure (Score 1)

There are basically two types of disclosure: 1) Disclosure of the existence vulnerability and 2) Disclosure of an exploit for a vulnerability. They are, of course, related. But type 1 doesn't immediately put users at serious risk. Hackers would still need to pick apart the underlying execution code and then work on developing a functional exploit. This can take several hours to (hopefully) several days or longer. At least in this case, the presumably embarassed and harassed-by-customers vendor gets motivated to quickly issue a patch. Type 2 disclosures should be shunned by everyone. These present an immediate hazard to end users and provide no conceivable benefit to anyone (except PR to the group that issued the exploit). Responsible researchers should always give software vendors a "final warning" and 1 - 2 weeks notice before releasing a type 1 disclosure.