If you don't then your users should have the right know, so they can decide for themselves whether or not the risk is worth it.
Do you think that just because a project doesn't disclose something it goes away, or that if google can find the bug that much better funded groups like the NSA or malware vendors can't. Shoving things under the rug is the worst outcome.
alt Hacker News
Well either you care about security or you don't.
If you don't then your users should have the right know, so they can decide for themselves whether or not the risk is worth it.
Do you think that just because a project doesn't disclose something it goes away, or that if google can find the bug that much better funded groups like the NSA or malware vendors can't. Shoving things under the rug is the worst outcome.