Researcher barred for demoing ATM security vuln ? The Register Though I've only met their Israeli branch employees, I can still say with some degree of certainty that Juniper has some of the best network security-savvy people around, though it tends to show more often in their products rather than in the "let's go hack something" shows that security experts sometimes like to have. What do you think, is this the right approach? Keep in mind that this sort of thing is not done for amusement (well... not just for amusement - we're geeks, we like breaking into stuff and see what makes it tick). It's primarily done to make vulnerabilities public, and thus get them fixed quicker, as well as to allow the people in the filed to learn more about the existing issues and how to avoid them.
I go with the 'Publish and be Damned' school. If there is a security risk, the manufacturers should be trying to prevent it not brushing it under the carpet. Let the public know just how safe their cash really is (not!) What better way to improve your security than employing a skillful hacker to show you in an honest way that your system is insecure, rather than treating them as third class citizens and have them steal it from you because they could.
