I have a post over at the Verizon Business blog (Considering Vulnerability Disclosure in the Realm of SCADA Systems) about how vulnerability discovery and disclosure impacts risk. Although it provides a basic risk model that can be applied to any situation, it focuses on the recent SCADA disclosures by Digital Bond and Rapid7. These are some of the smartest people in our field and yet they insist (by implication) on increasing risk to make a point. I sincerely hope they reconsider their actions in the future, before any serious damage is done.