Vulnerability Disclosure

I am delivering CISSP training this week and today we were discussing software development security in class, during which we discussed the role vulnerability researcher have and the affect of vulnerability disclosure with Proof of Concept has on the development on Malware. As is often the case when I am delivering the training I find in the InfoSec news feeds a relevant story to the topics in the domains of the CISSP, today I found "Exploit kit authors thrive due to PoC code released by whitehats" published by Help Net Security discussing exactly the same point as was giving weight to the discussions we had in class.