by smlckz 1946 days ago
> Because various entities tried to exploit that to defer any publication, which led to things never getting fixed.

Also understandable.

> [...] so they can take their own protective measures.

Little can the ordinary citizen do whose data is at risk of exploitation. All responsibility lies on the government because the citizens do not have any other choice, as it seems to me. What protective measure can someone take who is vulnerable?

With a thorough reading of the article, it is clear that the hackers are aware of what they are doing:

> Once threat actors catch wind of major vulnerabilities against an organization they begin poking on their own, looking for more vectors of attack.

2 comments

The industry standard seems to be disclosure to the entity followed by a reasonable grace period, at which point the bug is disclosed to the general public (where there's room to quibble in what the definition of "reasonable" there is).

I'm not sure that helping individuals protect themselves is the main goal, though. It is important that entities respond to these issues in a reasonable timeframe, because if a small group of researchers, academics, or whatever can find a bug, then other nations' intelligence agencies or industrial espionage groups can as well.

Realistically, in the case of companies, the best an individual can do is not do business with them. In the case of government agencies in democratic countries, public pressure is probably the way to go.

> What protective measure can someone take who is vulnerable?

Like deleting your sensitive documents that you have uploaded already. Removing contact information and other personal details.