If you find the market place unfair or fell burnt because no one would buy your cool exploit you have a few options:
1. Fuck off
2. Make your own market
3. Try again

SHIT !!! full-bullshit u called out!
that’s WhiteHat bastards’ way, u know!?
stop junkin ’round!!! why blackhats should release their vulnerabilities for all!?
so, security expert bitches are for just patching what we found ?? and earning lost of money! lol bullshit.
did u heard ’bout security paradox?! no? but i heard, read Phrack 64 or 65.
we find bugs, we exploit them, we hack them, then they’ll patch those bugz themselves, if they’re smart ! if no, go to hell. return 0;

Sure, I agree with you that all that the bastard corporations and banks care about is their shit bottom line. One detailed look at how loans and mortgages are structured and you see how hey suck every last dime out of people all while wearing a pleasant little smile. Hey, I don’t mind if you (banks) suck people dry, but at least have to balls to be upfront about it.

In the case you guys are championing though, I have hit a snag.

Why don’t you guys promote delayed full-disclosure instead of non-disclosure?

Find an exploit? Okay, get some industry/vendor/manufacturer guys together and get a patch done. Release the patch, and give people some time to patch their systems and then give a full disclosure of the exploit and vulnerabilities.

I mean if the Network Admins don’t patch up their systems in time, hey it’s their own freaking fault. You were notified, you were given time and you are paid to do your job but yet you sit around not securing the very networks you’re paid to manage? Well, you deserve the attacks.

Let’s all not be naive here, full-disclosure or no-disclosure, the information is going to leak out and spread through underground hacker networks, USENET, VPNs and all kinds of other non-visible links whether you like it or not. And if this information is not openly disclosed, the people out there are going to be ignorant about it and take no preventative steps to mitigate widespread disaster.

So guys, tell me. Why not support delayed-full-disclosure?

The root of the ethical problems in the whitehat community come with what they’re defending. What is it that defense really defends? Do we really want to be defending corporate empires that have been built on injustice, totalitarian countries that regularly topple democracies and slaughter the innocent, and barely legitimate enterprises with links to organized crime?

“What if a NGO doing good work wanted to solicit donations via a webpage? Why should they have to hire a security expert?”

They shouldn’t. As far as I’m concerned, forcing them to buy security “solutions” that fix problems that only exist because the security industry forces the disclosure of exploits is a form of extortion.

“Not everyone in the whitehat community serves corporate interests”

Disclosure of any sort to commercial entities is serving corporate interests. If your systems are insecure, fix the problem and don’t leak to any vendor that’s not an free software product.

“Building on the work of people smarter than you (actually building not copying) is how knowledge gets developed all over the place.”

It’s funny that the patent machine seems to reward the corporate oligarchy but not independent researchers. I spent many years developing exploits and exploitation techniques in good faith. Then I figured out that the entire intellectual property rights game is rigged and have been better off since. I want Chris Klaus and Al Huger to give a cut of all revenue to the people that made their business for them.

Open your eyes and stop being a slave.

What if a NGO doing good work wanted to solicit donations via a webpage? Why should they have to hire a security expert?

Not everyone in the whitehat community serves corporate interests, and not everyone thinks they are the smartest. Building on the work of people smarter than you (actually building not copying) is how knowledge gets developed all over the place.