I don't understand why there is such a debate here. I would absolutely disclose the 0-day if the manufacturer was unresponsive (given sufficient warning, of course). Moreover, if anyone died, I wouldn't feel the least bit guilty about that - the guilt rests firmly on the manufacturer and the individuals who choose to use the exploit.
After all, black-market exploits will come, and people will die, whether you disclose the vulnerability or not. At least with disclosure, the innocent have a chance to protect themselves.
You must weigh the lives lost to silence against the lives lost to disclosure. We practice disclosure in all other areas of computer security because we have seen the cost of silence too many times. There is no reason it should be different here.
Disclosure saves lives.