Despite the end result of the cycle, in the long term of making better software through embarrassing disclosure, it really does leave a negative impression on "why should this be made open source?".
The act of making something open source really can result in pain without any measurable gain or positive. Measuring things this way really isn't a good equation for open source.
100% of the people looking for exploits, and a very small percentage of everyone else.