An open letter
I'd like to write an open letter to people who think this professor's approach is the right one.
Dear members of the computing community:
You're wrong. No, really. Completely wrong. I don't know what leap of logic you took, but while there might have been logic when you went up, there is none where you came down. You clearly need to be let in on a few facts about how security vulnerabilities work.
When a researcher finds a vulnerability, they characterize it precisely enough that it can be reproduced, and report it. They could release it publicly, but few do, and usually only when it is something that will never be fixed. Most don't, both because it's a bad idea and because they might get paid for their hard work. So they report it to the company, which hopefully does its homework, figures out how bad the problem is, and works out how it is going to fix it.
You see that "hopefully"? That's because sometimes they DON'T. They leave their product vulnerable, keep their customers at risk, ignore the researcher completely, and make a mockery of security. And that, my friends in the audience, is not a very nice thing. So sometimes a bug has to be disclosed so the company will get up and actually do something, or at least so it can be held responsible for its negligence. Do you know the word negligence? Do you know that it happens sometimes?
Now, let us suppose that a company has followed through on our "hopefully" and fixed its bug. Yay, the patch is released. The vulnerability is gone. Yeah... Do you remember that whole WannaCry thing? It was kind of a big deal back in May of 2017, when a lot of things suddenly started breaking. That bug had been patched in March (MS17-010), two months earlier, and a lot of people still hadn't applied the patch. Maybe that is because a lot of people are lazy and incompetent. Actually, it definitely was. But another group was simply unaware of how critical the patch was. That's what publicity does. It informs the IT literate that they need to get fixing, and it alerts those who are not IT literate to find someone who is, to fix their stuff before it gets broken. This, in turn, results in less broken stuff.
You can disclose improperly or in a counterproductive way. No contest. So what? You can drive in an improper way too, but we don't ban driving, because we're better off being able to get places quickly. Having something that can be done improperly isn't fixed by never doing that thing again. It is fixed by identifying the ways of doing it improperly, and not doing those. If it's critical enough, it's fixed by putting incentives in place not to do it improperly.
Welcome back to logic. Let me help you up. Now, if you'd like to start researching again, that's fine, but maybe run your output past us next time. After all, you seem to have been doing it improperly, and we don't want anyone hearing about it and deciding there will be no more research.