Oddbean new post about | logout
 Probably will, yes. If the problem must surface sooner or later, why not fix it sooner? 
 because the guys who do the actual work and know the system decided that their time is used best for other tasks.

Every system is flawed. If everyone starts forcing the issues that they want to be fixed while there is not shortage of work to be done, we end up in a shitty situation with every problem increased to its maximum.

It is not like that duck found and published an exploit. He made what is common knowledge more annoying. 
 To be fair there's never a shortage of work to be done. And you're right, they didn't disclose a vulnerability but my point is that the role of gray hats typically is to emphasize known issues exactly because they are known but remain unfixed. I hold the position that shitty situations create better systems or fast-track the inevitable failure of bad systems. Dev time is truly lost on projects that are doomed to fail but do so slowly. 
 for this to work the gray hat has to have a better understanding of the situation than the devs.