@sw33tlie@albinowax I would never release a real critical. But tbh, the real-life risk for 99% of issues is very low...
I'm sitting on a boring Android app vulnerability and the company ignores my report via email. And I have absolutely zero ethical concern to publish that soon.