Intelligence agencies and criminal hackers use the same techniques that white hat security researchers do, so every time I read about an attack like this, I wonder who else discovered it and reverse-engineered it, when, and how they used the knowledge. Imagine the irony (assuming Flame is an American product) if China had discovered Flame first and used its technology to conduct industrial espionage against U.S. companies. In fact, getting first crack at advanced technology is great incentive for rival powers or criminals to cooperate with targeted nations. Our next target might solicit the help of Chinese or Russian hackers, government-affiliated or not, who might be very happy to help so they could reverse-engineer the attack and replicate it themselves.
Even worse -- and this is off-topic so I'll keep it brief -- I don't know if the intelligence gleaned from this operation would produce any benefit at all. Theoretically, if we discovered that Iran's nuclear program wasn't a threat, we could save ourselves a lot of worry. It might save a lot of time and money, and possibly even save lives if it prevented military action. But after Iraq who can be confident that an accurate assessment of the threat from Iran would have any effect on policy? We might be disseminating dangerous knowledge for nothing.
I really don't think that the failure of accurate intelligence to drive policy in the past suggests we should give up on trying to have policies driven by facts.
Even worse -- and this is off-topic so I'll keep it brief -- I don't know if the intelligence gleaned from this operation would produce any benefit at all. Theoretically, if we discovered that Iran's nuclear program wasn't a threat, we could save ourselves a lot of worry. It might save a lot of time and money, and possibly even save lives if it prevented military action. But after Iraq who can be confident that an accurate assessment of the threat from Iran would have any effect on policy? We might be disseminating dangerous knowledge for nothing.