If you are referring to the OpenSSL project's announcement of Heartbleed then you should be aware that they did not advertise the Zero-Day Exploit UNTIL they had determined a fix for it. Thankfully the fix was pretty easy to make inside the project.
Originally Posted by Mar-Evayave
They needed to advertise it so that all the companies who just download the source code themselves and compile it (it's open source) would know to do so again and get the latest patch.
As open source they don't have a list of customers they can send secured emails to, it's available to anyone, anywhere to download, compile and use.
Whoever says “I” creates the “you.” Such is the trap of every conscience. The “I” signifies both solitude and rejection of solitude. Words name things and then replace them. Whoever says tomorrow, denies it. Tomorrow exists only for him who does not seek it. And yesterday? Yesterday is Kolvillàg: a name to forget, a word already forgotten.
The Oath: A Novel by Elie Wiesel