This really sounds like you’re back-solving from a pre-existing ideology of complete openness. A customer’s ability act early, e.g. mitigate, is quite clearly context-dependent. I can think of vendors I interface with as a customer that I’d prefer had vulnerabilities ‘responsibly disclosed’ to them. Nothing in technology is this simple. The absolute nature of your claims make it near impossible to actually take this seriously.