This discussion is about two opposites. On the one side there is obscurity by nondisclosure; on the other there is awareness by openness. Neither of those two opposite positions is good.
Security by obscurity is never a good answer to threats. Openness before all else isn't good either; you wouldn't give your PIN (personal identification number) to a stranger, would you?
The best solution in these discussions, I fear, is the straight and narrow.
In my opinion there ought to be a system where one can report a bug. The system should inform the owner of the software with all the detailed info. The bug will be visible to everyone without the detailed info. After that a timer starts running, and after, say, 60 days all the details will be visible to the entire world.
This keeps the software boys on their toes and the admin happy, because he can assess potential risks and plug them if needed.
Does the world become safer by making bugs public?
Published: Thursday 17 June 2010
Hackers who discover vulnerabilities in software regularly make their findings public, even though major vendors insist that they must share that information 'responsibly'. Is full disclosure
