In that case it would be better to inform future customers so they don't buy the faulty lock, rather than throwing together an in-depth tutorial on how to take advantage of the lock. Especially since, unlike a lock, software can be updated to fix the problem.
"There's a known exploit that has yet to be fixed"
But then there's an issue of trust. Without documenting the exploit to the public I suppose no one would believe you.
Nevertheless the consequence of releasing an exploit to the public is that you've also informed nefarious players. Actually it's worse than that. Likely the nefarious players are the only ones paying any attention to stuff like this.
Perhaps what's needed is a trusted third party middleman who can verify an exploit exists without releasing it to the general public?
"There's a known exploit that has yet to be fixed"
But then there's an issue of trust. Without documenting the exploit to the public I suppose no one would believe you.
Nevertheless the consequence of releasing an exploit to the public is that you've also informed nefarious players. Actually it's worse than that. Likely the nefarious players are the only ones paying any attention to stuff like this.
Perhaps what's needed is a trusted third party middleman who can verify an exploit exists without releasing it to the general public?