Security researchers have no obligation to do coordinated disclosure, especially for an organization engaging in harassing them and spreading misinformation about their projects.
I'm not sure why they would expect to get security issues reported to them when they're doing that.
Conversation
twitter.com/DanielMicay/st
Since this continued, we'll be putting substantial resources into an ongoing long-term response.
An ongoing response to these attacks is going to be starting. I'll be hiring people to address it rather than wasting development time on it. Fine with me.
Quote Tweet
I removed two recent Twitter threads about something causing a lot of pain to me. The person that I mentioned reached out. I'm not happy with their response, but I'm going to give them a chance to change course. Maybe they'll stop it despite not acknowledging they did anything.
