It's sad but accurate. The safest route for the reporter is to sell it to people who want to attack their enemies, the vendor wont bully them, administrators wont attack them and you're shielded from criticism.
It's unfortunately common for administrators to believe security is the state of perpetual ignorance of vulnerabilities that affect them, if Windows Update says "No updates available" then you're secure. If you tear them from that blissful ignorance, then they get angry and shoot the messenger.
Security researchers do not introduce insecurity, they expose it. This is apparently a very hard concept to grasp for a lot of people.
It's unfortunately common for administrators to believe security is the state of perpetual ignorance of vulnerabilities that affect them, if Windows Update says "No updates available" then you're secure. If you tear them from that blissful ignorance, then they get angry and shoot the messenger.
Security researchers do not introduce insecurity, they expose it. This is apparently a very hard concept to grasp for a lot of people.