Security companies of all types release information about vulnerabilities...that's nothing new.
Sophos has been around for years and is widely acknowledged as a leader in security software...they simply aren't that well known in the US. Same goes for Kaspersky...been around for years, but the marketing giants of McAfee and Symantec are simply more well known in the States.
I'd rather someone out there let folks know about these issues when they find out and it never hurts if they also provide a solution.
If they had known and *not* told anyone, they'd take a beating for that.
Just my $0.02.