Re: This is why we can't have nice things
It really isn't the same. There's potentially a person with a set of skills who could go one of three ways
1) Designing systems safe from malicious input
2) Testing systems to ensure they're safe from malicious input (possible alternative career option, but not a certainty)
3) Actively and illegally trying to exploit systems.
Saying that they would otherwise choose 3) is a huge stretch. Whilst there are a number of bored teenagers out there trying to exploit systems for laughs, there's also a criminal element attempting it for profit, and nation states hacking to achieve their own aims.
The genie cannot be put back in the bottle. They've been provided a potential risk, and it's up to them to assess if this is a risk that needs to be mitigated against. If the risk is one with a high probability then the researchers should be thanked, as it's better than having a day zero exploit of your systems.
It is in no way the same as a protection racket, where it isn't a case that the people could otherwise go the other way, it's a case that the racketeers *ARE* definitely going to attack if their racket is not paid. It's more akin to someone telling you your locks are a little weak, but that once they've been replaced (and not by the lock adviser) then no-one can get in easily.