There has been a lot of squabbling about disclosing security issues, specifically in the Linux Kernel, as of late.
This is probably getting a lot more attention than it should. There are two ways this can be dealt with.
1) Insist the bikeshed be painted your favorite color. Complain to no end that it's not fair that you have to look through the source code to find your own fixed security issues. This is open source, everything is full disclosure. The guys who take care of the Linux Kernel do a top notch job, and they cover the security bits quite well. I've yet to see anyone who isn't an annoying troll say something negative about the job they do.
2) Deal with it. Dig around in the mud, find the problems, talk about them, fix them, write exploits for them. This is what I and a team of very bright people do for Red Hat. It's not always pleasant (usually not), but we deal with it. Sometimes things are embargoed, sometimes they're not. We don't complain about it, we do our jobs.
The goal here is to keep the end users safe. Not to become famous, not to get a t-shirt made with our catchy slogan on it. Safe users. That's it.