It's amazing to me that anyone could find that exposing flaws privately to a company could be construed as hurtful in any way. The mere benefit of having someone tell you about a flaw that you were not aware of could save you millions (if not billions) in lost revenue and PR damage.
If your software has enough attention to garner free QA checks from security firms, I believe you should praise those checks rather than complain.