In my book the good ones are the ones who expose vulnerabilities and talk about it. A guy called me over and said, “Hey, let me show you something.“ About half the buildings in Canada are locked with a key proximity card called HID. He has discovered a way to hack it remotely. He works for a big company. He's disclosed that to the manufacturer of this card, just like a year ago when people disclosed vulnerabilities in cars like the Jeep Grand Cherokee that could be remotely hacked.
I did learn something interesting. Although General Motors and the companies behind it have put out fixes, major car rental companies haven't bothered to implement those fixes yet. You may be renting a car in the U.S. that's still hackable because they don't want to lose the revenue and take it off the line.
My point is that things have to be done. The hackers provide the information, but then it's up to whoever's responsible for the data, or the car in this case, to do something about it.