Hacking Starbucks to get unlimited coffee

As a software developer myself I can tell you that when people disclose security issues you kinda go through two emotions.

  1. You're annoyed that you messed up. A troubling security issue slipped by you.

  2. You're embarrassed that someone, a customer perhaps, found the issue and had to report it to you, and may even have spoken to others about it before you (superiors, support staff, colleagues, etc.), which makes you look bad in front of your peers and your ego takes a hit.

Now for me, when I first started developing I would really beat myself up a lot about this when people would find a bug and report it, and I'd be a bit stand-offish and play down whatever the bug was as a minor thing or not my problem, blaming someone else or something the user did, or ya know, just generally being an asshole.

Over the years though I've grown as a person and now I respond to these the proper way. I thank people for reporting the bugs, I encourage them to contact me again about anything else they find, I have a bug bounty program, and people get in-game currency (I'm an online game developer for client-server stuff) for finding and reporting bugs. The more information they can give, and the more serious the problem, the more money they get. It has worked out brilliantly, not only cutting down on users taking advantage of the exploits they find but also in the volume of reports we receive about exploits.

I think sometimes when we see these responses in the press where they are threatening to get the cops involved or press charges for responsible disclosures it's because either the developer or their manager has had their ego hurt like how I described in my points.

It's wrong; businesses need better management that has a way to handle responsible disclosures. I'm not saying every business needs a bug bounty program, that's never going to happen, but they need a proper protocol to follow that is respectful and keeps researchers up to date on what they've reported and when it's being fixed.

/r/netsec Thread Parent Link - sakurity.com