The security researcher in this case worked for free to find a hole in their security, reached out via a provided email address, had that bounce, so then chose to reach out via a different messaging system to let them know that there was an issue. ALL OF THIS WAS UNPAID. They have 0 or less responsibility to this firm. The researcher was doing them a huge favor.
> Security researchers get high and mighty extremely quickly, which is immature IMO.
Immature would have been not trying to responsibly disclose this, or disclosing the hole before it was patched.
> Security researchers get high and mighty extremely quickly, which is immature IMO.
Immature would have been not trying to responsibly disclose this, or disclosing the hole before it was patched.