This seems like an area where a trusted organization (perhaps the EFF?) could do a lot of good by creating a "for dummies" webpage where the vulnerability disclosure process is explained in layman's terms (i.e. with suitable car analogies...) from a website owner's perspective. Those who discover a vulnerability in a company's IT infrastructure can then submit a link to this page with their reports.