Kudos to IBM and Security Researcher Maurizio Agazzini
Here’s a story about how IBM apparently asked a security researcher (Maurizio Agazzini) to pull their exploit code after working with that researcher to address vulnerabilities in some IBM software: http://www.zdnet.com/article/ibm-pressures-security-researchers-vulnerability-exploit-code-pulled. As a security researcher myself, I just want to say “good job” to both IBM and Agazzini, who complied. Here’s why:
One criticism of providing exploit code alongside security research is that it creates risk to customers by making attack capabilities available to attackers who otherwise would not have the skill or knowledge to build them. Others argue that even without the exploit code, some simple reverse engineering can be done to analyze the patches, and exploit code could be derived from that work, just on a slightly delayed timeline. Even if that delay is an hour, a day or a week, it still benefits the customers, so kudos to IBM and Agazzini for putting customers first.