Don't know their specific process, but this sounds like "we got a bunch of submissions and yours didn't make the cut."
Honestly, rather than this being a nefarious "too dangerous even for defcon" like your wording suggests, I think the author knows why it didn't make the cut and snarkily addressed it:
> I’d love to write a long detailed blog about getting a root shell via UART or extracting the firmware via JTAG and then reversing it, but the honest truth is I found a vulnerability in the webapp in the first 15 minutes of having the unit online and it was the first thing I tried.
So my guess is so basic it just wasn't interesting enough. /shrug
Don't know their specific process, but this sounds like "we got a bunch of submissions and yours didn't make the cut."
Honestly, rather than this being a nefarious "too dangerous even for defcon" like your wording suggests, I think the author knows why it didn't make the cut and snarkily addressed it:
> I’d love to write a long detailed blog about getting a root shell via UART or extracting the firmware via JTAG and then reversing it, but the honest truth is I found a vulnerability in the webapp in the first 15 minutes of having the unit online and it was the first thing I tried.
So my guess is so basic it just wasn't interesting enough. /shrug