If we need to perform surveys before we making generalized statements, we might as well close down this group all together, lol.
IMO, we need to encourage the white-hats into the fold as opposed to excluding them or somehow trying to impose unrealistic boundaries while not coddling the end user and sitting on bugs. Once a VULN is patched, NOT publishing the details of a hack is not resulting in any more protection. Who knows...perhaps routinely publishing these details will make users more aware of the issue and more apt to patch their sites (not very intuitive, but who knows).
That said, making any kind of soft demands/guidelines about what should or should not be said once the patches are released seems pointless.