Bruce Schneier and Marcus Ranum debate over whether vulnerability research is ethical. Schneier argues that the ability to break a system is a precondition for designing a more secure system. Ranum disagrees with Schneier, but says he doesn’t think being a ninja “breaker” makes one a “ninja” “builder” doesn’t have the skill required to design a secure system, he says. He says the last 20 years of software development (don’t call it “engineering,” please!) refutes this position.”]
Source: https://taosecurity.blogspot.com/2008/05/response-to-is-vulnerability-research.html