by fiatmoney 3680 days ago
It needs to be understood that if you react this way to responsible disclosure practices, your company & you personally will be subject to irresponsible disclosure practices.

Oh, I've already learned the lesson loud and clear. If I ever discover a vulnerability to disclose, I'm releasing it anonymously on pastebin sites while logged into Tor through a VPN from a free WiFi spot.

And, of course, sign it with a new PGP key you've just created, so that if you ever need to release a follow-up with proof that it's you, or come forward as the author of the disclosure, you can.

Of course, said key is a liability if it is found in your possession.
Encrypt, hexdump, render in green font on black background, set as wallpaper. Nobody will ask :)
Connect to the VPN after connecting to Tor. Putting the VPN in there can actually lessen anonymity due to a financial relationship. So make sure you procured that VPN anonymously, via Tor, with a cryptocurrency that you have mixed.

This is my plan too. Responsibly disclose anonymously. That should prevent our corporate lords from sending SWAT teams into our homes.

Would you do this to a company that has a clearly stated responsible disclosure policy and respects your efforts? Especially if it involved commonly used desktop software that would harm many people by ignoring an existing policy?
No, I wouldn't do it to a company that has a history of handling disclosures properly. But for every one company that does that, there's a dozen that are clueless.