you must be unfamiliar what used to happen before hard deadlines were set on disclosure. it was much worse for the users.
replyhere is a good start: https://projectzero.google/vulnerability-disclosure-faq.html...
there is ~3 decades of more context if you search for it.
tldr: if security issues don’t get disclosed (or the real threat of disclosure) they won’t get fixed / prioritized.
reply