Is more openness from Security Firms good or bad for Cyber Security?