
I think there's a good ethical argument for releasing the knowledge, not so much the tool. I think the open secret is that most people who go into cybersecurity do so because they enjoy breaking security through clever methods rather than actually helping others stay secure... but security research is legal and hacking random targets isn't.



I'm in the security industry, and this is absolutely correct. There are definitely many who carefully release PoCs when appropriate (giving vendors enough time to patch, etc.), but a LOT of these tool releases are done mostly to show off how smart we are and get clout. You see this big time every summer, as researchers all scramble to get a Defcon tool talk slot with some new thing they wrote, before immediately abandoning it post-con.

Obviously, it's not like anything can or should be done to change this, as it's mostly just human nature, and keeping the security industry capable of operating legally and in the open is paramount. But sometimes people just wanna brag. And they get big mad about it and sputter about how literally any possible end justifies literally any actual means if you point it out (see: the other person responding to the top level comment lol)



