
The debate between 'responsible disclosure' and public or 'full disclosure' has been argued ad nauseam elsewhere, but it really comes down to trust.

If you don't trust the people you are responsibly disclosing to, to actually fix the problem, or worse to not sue you or attempt to get you charged as a criminal (the CFAA is particularly abusable), then full, public disclosure may be your only option to force the vendor to fix their product or service.

Remember, it's already broken, and you may not be the first person to have noticed.


