Security & Hacking: "Security firm finds SCADA software flaws; won't report them to vendors"

http://www.computerworld.com/s/article/9233916/Security_firm_finds_SCADA_software_flaws_won_t_report_them_to_vendors

Snippet:

"Malta-based security start-up firm ReVuln claims to be sitting on a stockpile of vulnerabilities in industrial control software, but prefers to sell the information to governments and other paying customers instead of disclosing it to the affected software vendors."

So why can a company like this see the value of SCADA security, but the companies that use and make SCADA related software not?