Comment by spijdar

That's fair. It's the attitude I've seen the most of in the people I work with/around, and it's rubbed off on me a bit. There are definitely people who believe this is a disservice to the users, and I don't necessarily disagree with them.

Personally, I agree most with tptacek in another comment, that this is on a continuum, and depends on the vulnerability, situation, and who's involved. If there's a good faith effort to develop + push a patch to a very wide install base of hardware which realistically is being ignored by the sysadmins (no change of being replaced, and impacting people using them in e.g. public places), I think it can be ok to embargo details.