Improving Cyber Security Or Damaging Company's PR

In the cyber world, there are two kind of hackers. Black hat hackers and white hat hackers. First one as name suggests tests and exploits the product to use it for negative purpose. But many security researchers test the product with the intention of finding a bug that black hat hackers, if find, can exploit. Such hackers having intention to report the bug to the company are 'white hat' hackers.

For all products of different companies researchers and 'white hat' hackers inspect the products to check security risks and give company a chance to improve it before the 'black hat' hackers find them.

Under these circumstances, its a debate either the defects should be privately told to the developer or it should be done publicly to force the company the improve the product's security.
A security expert, Bruce Schneier who has written several books on the subject, writes
 "If researchers don’t go public, things don’t get fixed, Companies don't see it as a security problem; they see it as a PR problem. And if there's no PR problem, it'll never be a priority."
But telling it publicly also opens the risk that 'black hat' hackers get hold of the bug and exploit it before developers fix it.