When I was at @PayPalInfoSec, we made sure that our terms allowed publication of findings after the issue was fixed. We believed (and I still do) that transparency lifts the ecosystem - all companies have security issues, trying to hide them only helps the bad actors.