One of the ongoing issues in the security industry is that there is no standardized form of disclosure. There are frameworks that have been put together, but only some companies embrace them. Other companies are openly hostile towards any solution that doesn't leave the power entirely in their own hands. Basically, many large companies feel that the public should remain uninformed, which then leaves the company free to keep producing insecure software.
That is why I think there should be some attempt at a formal body; the EFF is in the right place to spearhead an attempt at implementing something along those lines.