
> but hidden better so that random researchers won't stumble on it.

> 2020-12-02: Zyxel requests more information about how the vulnerability was discovered

Hmm




This is probably a fairly hot take but I believe that researchers shouldn't normalize providing this level of detail unless they have been explicitly hired to do so.

The industry is pretty messed up and it sometimes feels like researchers/pen testers/bug hunters are effectively subsidizing and protecting shitty security practices.


> The industry is pretty messed up and it sometimes feels like researchers/pen testers/bug hunters are effectively subsidizing and protecting shitty security practices.

In my opinion, this is a result of there being little/no consequences of being breached due to incompetence. Zyxel isn’t losing anything from this, and has no incentives to be better.



