Comment by smsm42

4 days ago

Sure, there's temptation. Just as goods being laid out on shelves in the store is a big temptation to steal them and not pay. Am I surprised that some people shoplift? No, but that doesn't make their behavior correct or commendable. And the proper response to learning that somebody steals from shops is "this is bad, you should feel bad about this and should stop doing it immediately", not "stupid store, how dare they not lock things up properly!". Yes, this does not and will not prevent 100% of theft, because some people are sociopathic enough to not care about (or even enjoy) social disapproval, but it will make a society where theft is not encouraged, and for people who are not thieves it's better to live in such a society. In the same manner, it's better to live in a society where responsible disclosure is a norm, and to create this norm, it must be culturally enforced. It will not prevent sociopaths from violating it from time to time, but having the norm is better than not having it.

> “responsible disclosure” itself is hugely controversial. It’s most often used by corporations who’d prefer that the vuln is never, ever disclosed.

It is sometimes used like that, but it is nowhere near "most often". Most often, responsible disclosure results in exactly what it is meant for - fixing the vulnerability and improving security without harming anyone. And supporting this as a cultural norm would make such cases even more frequent.