Every time I see stuff like this (Lynn vs Cisco or Paget vs HID), I can't help but think this: every "whitehat" guy at least knows someone who knows a "blackhat" guy (I am guessing here, but you get the point ... if you think that the above is too extreme replace with "knows someone who knows someone who knows a "blackhat")
Don't companies that try to suppress security research understand that if you do this to a security researcher, even the most ethical guy in the world will be tempted to JUST LEAK IT.
If you corner a rat, it bites. Don't corner security researchers :-) they have bigger teeth... much bigger. You want to suppress the legitimate security research? You think you just did? Go suppress the entire underground now!