Scoble has an update on the Kryptonite lock thing, with lots of details over on the Red Couch blog. This is the piece (from an email from Kryptonite) that caught my eye:

Question: Knowing what you now know, how would Kryptonite have responded to the BIC picking revelation today as opposed to how you handled it when the story broke?

Answer: I'm so glad you asked me this. To answer it correctly, let me go backwards for a minute. It's been said, over and over, that Kryptonite "ignored" the issue for days until some article or other came out and 'made' us look at the issue. There's that game of telephone again. The first day of the claim that 'all Kryptonite locks' were bad we quickly looked into it to see if there was any validity to it. At that time we also answered any emails that came in about this claim that we were working on the possible issue and would get back to them within 24-48 hours. Now, in hindsight, maybe we should have posted this statement on the website. But, at the time, we didn't know what the potential issue was, if there was any issue at all. All the talk of us 'knowing' about this for years simply is not true.

The problem metastasized because of the apparent silence from Kryptonite - responding privately to emails and phone calls wasn't helping, because the silence on the website made it look like they were doing nothing. What they were actually doing mattered a whole lot less than that perception.

A short statement on their website to the effect that they were looking into the problem, and would respond fully when they had all the facts, probably would have helped a lot.

That's the lesson that every company needs to take away from this incident. It doesn't matter if the facts (or the law, or whatever) are on your side. If a blog storm crops up, it could lead to a media storm. You need to get out in front of that as fast as possible, and get as many facts out as possible too. Staying completely silent while the waves crash just isn't going to help you out.