Spender has a much more nuanced, informed view. I think it covers the issues of the CVE process well, but doesn't make the same mistakes that Greg does.
https://www.grsecurity.com/reports_of_cves_death_greatly_exa...