Regardless of which company is involved, shouldn't serious security flaws in any security equipment be touted from the highest mountain top?? Broadcast loud and clear to all who need to know??
Shouldn't WE as security professionals WANT 'scandals' brought to light and made public for all to see?
Speaking only for myself, if it takes a good roasting in the media (i.e., emotive headlines and lots of publicity) to force the manufacturer of any product to step up, admit the vulnerability and FIX it, then I say, Roast ON!
Far better that, than having vulnerabilities left un-patched and potential breaches left exposed in important facilities.
If the manufacturer acknowledges things and fixes vulnerabilities without the media storm, all well and good. You can report a "we found this and Company X immediately acknowledged the issue and has released a new firmware which can be downloaded from their website" - but if they won't acknowledge the issue, then.... *shrug*
As far as HikVision is concerned, full disclosure - I use their products. And not just at work, but also for my own house.
I also make sure I'm patched and firewalled and VLAN'd and secured as much as my IT prowess will allow. Not BECAUSE I'm running HikVision, but because it's bloody good sense to do so, regardless of the product!
It should also be mentioned that IPVM had most of their recent "scandal" articles as "no subscription required" to view them, so - you know - hardly forcing membership down people's throats!