
The problem is that the incentive here is for Onity to NOT disclose anything and keep on going like nothing happened. They'll get around to replacing them one day, and it hasn't caused any huge scandal yet, so what the hell, right? It can wait! The alternative: a lot of bad press and millions of dollars in hardware fixes. Contrast that with a software fix delivered through the internet, instantly fixing the hole.

Then there's the matter of whether Onity seems like a trustworthy company that would do the right thing. A company whose ONE job is to make electronic locks, but still has an obvious security hole in their system, is either 1. really stupid or 2. knows about it and has done nothing. A security hole in a beast like Windows (whose main purpose is not security, btw) I could understand and sympathize with. A lock is not nearly as complex. Either way, I wouldn't trust them to do the right thing.
