Why are you under the impression that there are no ethics in security research? From my perspective, it seems like most people try to adhere to responsible disclosure procedures. Maybe you're not hearing about those because they're not major news (i.e. quietly being credited in a patch report). Irresponsible disclosure seems like a surefire way to burn bridges in the industry, and most professionals are looking to further their career, not sink it. Some people may only be after notoriety, but I do not think they are the majority.
I think it's foolish to assume that no one else knows of a vulnerability. Like Ziggy said, if a vulnerability exists, it's a vulnerability regardless of how many people know about it. I know people that discover dozens by just letting fuzzers run in the background. If there are hundreds or thousands of others doing that as well, more than one person will stumble upon the same vulnerability sooner or later.
Maybe you only identify it as a DoS vulnerability while someone else has nearly completed a stable exploit for it. Is it ethical to withhold information until a vulnerability is being widely exploited? What if the vulnerability is being exploited in targeted attacks and isn't shown as "active in the wild?"
If the vendor can't/won't patch it in a timely manner, it's still beneficial to notify AV, IPS, and similar vendors that can compensate by beefing up other security controls. Likewise, administrators may be able to take steps to protect themselves as well (i.e. disabling a non-essential service that has a critical remotely-exploitable vulnerability).
The day you stop learning is the day you start becoming obsolete.