The idea was that you announced you found a weakness with/flaw in/problem about a lock to the public but didn't announce exactly what that problem was* for some short period of time. You informed the manufacturer and gave them just a bit to fix the issue or withdraw the lock from sale before going full public**.
*Consumer Reports did this back in 1991 with the Kryptonite u-lock
**Consumer Reports did not do this and Kryptonite continued to sell locks that could be opened with the body of a Bic pen for the next ten years!
That might make sense when the problem is one that others aren't likely to find in the meantime. In the case of the Ottolock, the exploit was so simple and obvious that consumers should definitely have been told the specifics right away.
I think it's also suspect how informed the consumer really is if they don't know the exact nature of the problem.
I think reasonable minds could differ on whether violating this "norm" is a con or a pro, especially in a market where vast numbers of a product can be moved much faster than in 1991.
I appreciate your taking the time to explain this even if I don't agree with you (I think--you're obviously way more familiar with the issue than I am).