As a somewhat useful (?) example, cisco publishes a buglist that is visible
(searchable, even, over the web) for all customers.  However - there are
valid reasons for not publishing some of the bugs.  For example:

1) Internal issues.  For example, if there is a relatively simple way to
   speed up some aspect of operation, found by source inspection or whatever,
   that isn't likely to be published.  "xxx could be faster" isn't really
   a bug, anyway.

2) bugs found in unreleased software.  These should get updated if the
   software is released before the bug is fixed.

3) bugs that have a significant security impact.  There is a well-established
   procedure for security-related bugs, and it does NOT envolve telling the
   world how to exploit the bug before there is a fix in place.

Publishing all your bugs isn't necessarilly a great thing.  I see about
4000 bugs "open" at the moment, so it's not exactly bedtime reading...

BillW