01/24/2012

sodanhq.com, the Dutch security researcher, CERT and SCADA

source (dutch)

Everybody agrees that there is nothing as dangerous as SCADA interfaces that are simply on the internet (even if we put a few security layers around them). SCADA is the special software and code written to control industrial production sites and water, electricity and other networks. These systems shouldn't be on the internet or connected to it, and they were not developed to be connected to it, but for many reasons that have nothing to do with security, some are, and this is a problem.

It is a problem because security on the internet depends on so many different factors, and can fail because of so many individual or combined issues, that you can ask yourself whether it is all worth it (especially given the money you have to put into it).

And there is a database of those systems, including the ones you can only find with network scanning (not by searching Google) and whose owners thought they were safe because they were not in Google (as if hackers only used Google).

It is called sodanhg.com, has been online for several years, sells databases of vulnerable infrastructure and also lets you have some information for free.

So a Dutch security researcher used the database and, after a while, started tweeting the different vulnerable systems, which made the headlines.

He explained that he contacted the national CERT, but that they didn't want to tell him what they would do with the information, who would get the credit and so on, so he stopped talking to them and sending them information.

Which is a bit silly. I always send the information (including what I don't publish here) to the CERT from the moment I see a Belgian aspect, and it is not my job to ask who gets credit or who does what (they are supposed to do something with it to the best of their capabilities).

You shouldn't expect something in return when you are a security activist; you should expect that someone will do something with it (and you leave some time, if that is necessary, between the moment you see it and send it to the CERT and the moment you publish it).

If you are in it for the fame and the money, you should go and work for a security firm.

12:45