Sales of zero-day exploits
I was rather stunned to read some of the commentary regarding the sale of Zero-Day exploits. It would seem that the current opinion is that security researchers should be happy to get any recognition at all, let alone fiscal remuneration for their efforts in securing buggy software. This to me is rather incredible. What do these people want? Would they prefer that blackhat hackers and security researchers be the only ones who know of Zero-Day exploits? If so, then stand by and watch your networks get rooted by these very same unpublished exploits. This really just slays me, not least because those opinions are from people in the security community. Heh, one rather funny comment has a poster claiming that the exploit researcher should be stripped of his CISSP. That type of sanctimonious attitude is one reason why I will never, ever bother getting the CISSP cert. Talk about a joke of a cert.