Irresponsible -- or worse, some say.
No surprise there -- this sort of thing comes up from time-to-time, and the back-and-forth about its ethics (or lack thereof)comes up right along with it.
That's one that won't be solved, certainly not any time soon.
But any time soon applies to patching the bugs as well: Some of the holes Intevydis is revealing have been around for years. They don't get patched for a variety of reasons, but one that we've all heard is that a particular vulnerability is "low priority."
Maybe so -- for the software maker. How low the priority for the exploiters, though, is a question, at least one of them, that the Intevydis revelations may begin to answer.
The Intevydis blog discussing the month of bugs is here.