Slashdot Mirror


Why Sharing Ransomware Code For Educational Purposes Is Asking For Trouble (betanews.com)

Mark Wilson writes: Trend Micro may still be smarting from the revelation that there was a serious vulnerability in its Password Manager tool, but today the security company warns of the dangers of sharing ransomware source code. The company says that those who discover vulnerabilities need to think carefully about sharing details of their findings with the wider public as there is great potential for this information to be misused, even if it is released for educational purposes. It says that 'even with the best intentions, improper disclosure of sensitive information can lead to complicated, and sometimes even troublesome scenarios'. The warning may seem like an exercise in stating the bleeding obvious, but it does serve as an important reminder of how the vulnerability disclosure process should work.


  1. Re:We actually don't WANT better ransomware by QRDeNameland · Score: 4, Informative

    Well, it seems to me that two things are likely true:

    1) Making malware code public helps malware programmers (current and aspiring) write better malware programs.

    2) Making malware code public helps anti-malware programmers (current and aspiring) write better anti-malware programs.

    Who benefits more? I honestly don't know. However, my bias is towards openness over secrecy, and I think it needs to be demonstrated that the risks of making malware code public outweigh any potential benefits.

    --
    Momentarily, the need for the construction of new light will no longer exist.