The controversy is easy to spot. Making a cracking tool publically available means that blackhats? will get their hands on them. It also means that |whitehats? will get their hands on them, and that the vulnerability WILL get patched, and fast. It is often looked upon as good practice to give a vendor prior warning if the bug is not beeing exploited in the wild - so that they may have a patch ready at the time of disclosure. This, however, does not apply if the vulnerability is actively exploited, for example if you find an exploit on a cracked system you administer.
future expansion of article should mention:
See also: