Dean made a comment in the SILC channel about a student who:
"student thinks its terrible to release tools, exploits, etc...he says it makes it too easy for people to attack America"
Its not the first time I've heard that argument, but after a few weeks in the new gig I have newfound understanding for the need to provide "absolute proof" of exploitation or the ability to exploit something.
So while on one hand I understand that exploit code and tools allows bad guys to do what they do on the other hand you have people that require you as their security person to show them with absolute certainty something happened or something could happen. Otherwise there is no "proof." And if I need to show proof to get a problem fixed, mitigated or policy changed or put in place its nice to have the ability to do that.