The bar-none biggest problem in "IT Security" is everyone blames the hackers instead of the people responsible. Cowardly devs and incompetent managers.
If every researcher began publishing findings without prior notification, perhaps these douchebags would start taking their responsibility seriously and take steps to actually reduce vulnerabilities. As it is, this faux consideration and artifice of "responsible" research leads inexorably to persistent do nothingness. I have zero sympathy.
Again, the problem ain't the hackers.