I truly believe this is a very important conversation.  Disclosure of vulnerabilities in a responsible manner is key to the continued maturity of the overall IT space.  Vendors need to be made aware, and they need to accept this input in the context of getting stronger and more secure, and avoid the defense mentality that often comes with feedback from ethical hackers.

http://blog.fortinet.com/post/responsible-disclosure-and-the-ethics-of-apt-research