In fact, it's not just about designs that work, or designs that are fast, but getting into the practice of estimating complexity in terms of hardware numbers also makes for safer code, especially where validating user data is concerned.
Just recently even, it kept me back from what might have been a potential denial of service in https://github.com/ronomon/mime, and lead to discovering a vulnerability in several popular email parsers (https://snyk.io/blog/how-to-crash-an-email-server-with-a-sin...).
I think Martin Thompson summarized it well as "Mechanical Sympathy": https://mechanical-sympathy.blogspot.com/2011/07/why-mechani...
One rather off-topic observation: April 23 to June 25 is somewhat shorter than the 90-day window you mentioned. ("A few days before the 90-day public disclosure deadline...") What was the reason for that? It doesn't appear to be because those who were going to fix it had already done so - they published their fixes after the public disclosure.
(I'm just curious, not criticizing or anything.)
Regarding the 90-day window, you are spot on. I never realized that until now. I made a mistake with the month, it should have been July 25 not June 25, so it came out after 60 days, not 90 days as I intended.
That's evidence #1236577 that I have no clue at all!