The Log4j debacle showed again that public disclosure of 0-days only helps attackers

From helpnetsecurity.com

On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on fire and sent companies scrambling to mitigate, patch and then patch again as additional PoCs appeared.

Read more…