Would you do this to a company that has a clearly stated responsible disclosure policy and respects your efforts? Especially if it involved commonly used desktop software that would harm many people by ignoring an existing policy?
No, I wouldn't do it to a company that has a history of handling disclosures properly. But for every one company that does that, there's a dozen that are clueless.
