This article discusses whether the Month of Apple Bugs is responsible disclosure.
Humorously, they quote eEye as supporting ethics even though they have long been famous for their lack of ethics.
Attempts at ethics usually go badly. Dave Maynor discovered numerous critical vulnerabilities in everybody's Wi-Fi stacks. He notified vendors, and when doing his Blackhat talk about the subject, bent over backwards to hide details that would help hackers. To his credit, a lot of these bugs have been fixed without hackers taking advantage of them. However, Apple successfully exploited the lack of details to attack his credibility in order to cover their own asses. In other words, his attempts at ethics backfired.
Ethical handling of a vulnerability is a two-way street, requiring good behavior on the part of both the researcher and the vulnerable vendor. Apple is not an ethical company - it's not just the Blackhat incident, but a track record going back several years. We've got more Apple bugs in the works. We are going to release them directly to the community (with maybe a pre-release to Landon Fuller) without giving Apple's PR machine enough time to attack us.
If Apple wants the research community to treat them better, they will have to treat researchers better. I suggest a good first step is that they draft a "Responsible Disclosee" policy on their website that discloses exactly how they will handle notifications (such as pass them to their engineers to fix rather than to their PR team to cover up) and which promises that they WON'T threaten, sue, buy off, character assassinate, or otherwise intimidate the researcher.