The Log4j debacle showed again that public disclosure of 0-days only helps attackers
Public vulnerability disclosure happens quite frequently, for vulnerabilities in a wide variety of software, from the most esoteric to the most mundane (and widely used).
