Today several bloggers commented about bugs in Safari Windows Version Beta.A controversial one by David Maynor and Inaequitas, many news postings and a whole bunch of comments. One argument, that was repeated in a lot of places, as a basic ethical stand when dealing with security issues, is that, one should not be divulging security and other issues to the public during beta/ctp.
I have been participating in pre-release programs with and without NDA. In all projects that I have participated, there were never an ethical issue for posting the findings in public forums. In most cases it was considered healthy. I remember other incidents like several Symantec reports about Windows Vista security issues very early in the CTP stage.
In my opinion, when a company publish content to the public space, whether it is labeled as alpha or beta or CTP or release without explicit binding constraints, it is in public domain. I do partly agree with David that providing information about issues with software in public domain should not be considered as a bad practice. If the company that produced the software is incapable of responding to it in a timely manner, they should be held responsible.
I always wonder, what other industry in the world will have a statement like "this product is sold as-is, ...." and a fool proof indemnity clause as a standard statement of service.
If software industry want to be as reliable and predictable as other industries (like aerospace for e.g), it need to shed the special status it always crave. It is just another industry. I work in a factory, that looks very nice, makes me happy and gives me good amount of money. I have been to enough discussions that elevates my vocation into a great intellectual exercise. Now I want to produce. I do not have much sympathy towards other software vendors. If you cannot survive in a demystified market place, you will simply wither away.