Computer security firms are in business to make people feel better about their computing experience. Make no mistake, it's as much an "emotional" sell as it is providing an actual service, especially seeing as how most of said software is quite often part of the problem.
Vista is now available to the public, with Microsoft spending $500 Million dollars worldwide to educate the masses on why they should feel good about the most secure software they've ever produced. But security companies don't benefit from people feeling safe and secure about their OS the way it is... they make money from people feeling as if it is some flawed thing that they are forced to deal with.
On top of that, security firms like eEye and F-Secure gain credibility by remaining in the news. Though Vista has been beta testing for a very long time, it's not in those companies' best interest to give Microsoft feedback to make Vista more secure.
I'm willing to bet that these companies have all found Vista issues that could affect security, and are keeping them close to the vest, at least for now. But they're going to have to start counteracting that $500M some time, and when they do, I'm gonna bet that the issues they "disclose" are issues that they could have resolved earlier in the testing process.
But maybe I'm just cynical that way.