by nullwasamistake 2588 days ago
It became morally bad to delay any longer once it was obvious that multiple teams were finding the same bugs. There's a crap ton of people listed as discoverers in the CVEs.

Who knows how many other actors discovered the same bugs and didn't say anything? Likely multiple, honestly.

We've finally run into a real-life proof of why bug embargoes are bad. This is the first time I know of that multiple people independently discovered the same thing before the embargo period was over.

1 comments

Saying something is "morally bad" doesn't really make sense unless you also define the moral framework that it is bad in. As you did not do so, it reads as if you expect the reader to understand what morality it is bad in (maybe even that it is obvious).
Hiding bugs that bad actors likely know about is morally bad in my book.