calling yourself a white hat doesn't make what you do ethical
It is generally accepted as being a good idea that it should be legal to go out and buy an instance of a padlock, be able to test it to destruction or see how easily it can be picked and then publish a report on your findings. This is also true of computer programs, other than to the extent the DMCA has been allowed to muddy this water.
It is also generally accepted that if you spot a door unlocked on your neighbour's garden shed in passing, that you can legally knock on his front door and tell him about it. Again, the same is true of computer programs.
But it is not generally accepted that you can legally test the padlock on your neighbour's garden shed with lockpicks to see how long it takes to get in. Nor should it be. And yet again, exactly the same is true of computer programs.
So in what sense can we consider a group of ethically-challenged fools who don't understand this "a group of experts" whatever their technical credentials ?