Ralph Langner: Vulnerabilities in control systems as a result of Project Basecamp will change things. He says the community has been obsessed with thinking about irresponsible disclosure. The vendors and ICS-CERT have come up with a theory that these are not vulnerabilities because they are design features, so we are not disclosing vulnerabilities any longer. The attacker really doesn t care if this specific problem or issue is due to a programming error or if it just was is just due to let s say a bad design decision.
Source: https://threatpost.com/market-fail-regulations-may-be-only-hope-securing-critical-infrastructure-020112/76161/