by hmage 2256 days ago
Google Project Zero is doing exactly that -- disclosing them in 90 days no matter if they're fixed or not.

This kind of pressure is helpful, because otherwise stories of OP will be dominant and security problems will stay unpatched.

1 comments

But do they trumpet on Twitter that they have an exploit and will release it in 90 days?

That's the difference.

They have a public issue tracker (issues are withheld from public for 90 days): https://bugs.chromium.org/p/project-zero/issues/list

and a blog: https://googleprojectzero.blogspot.com/

and a GitHub org: https://github.com/googleprojectzero

and their members do tweet about their findings on their personal accounts.

But no, they don't have an official Twitter account.