When a crisis hits large companies usually pull out the crisis manual. Many, written by PR pros with dozens of years of experience at spin control, vetted by attorneys and endorsed by very senior management approve of them, without realizing that the Internet has changed things.
In Cisco's case they did many things wrong. First, instead of taking an approach that software companies take when an exploit is found and seeking to work with the hacker/cracker, they went the other way and through lawyers and court orders against the problem.
All that did was make the problem bigger. Sure Lynn found a hole to exploit, but now Cisco opened the door to every hacker and instead of saying we'll work with you to help make our products better, they took the approach to use their mighty reach to set themselves up for more attacks, and left a bad taste in the mouths of the community that likely has more clout than anyone realizes.