It is unfortunate that this is going to just result in a criminal filing against him.
While it was irresponsible, no one was hurt and reporting these vulnerabilities in the "appropriate" manner would likely result in the company trying to cover up the vulnerability citing some sort of DRM / trade secrets reasoning.
While it was irresponsible, no one was hurt and reporting these vulnerabilities in the "appropriate" manner would likely result in the company trying to cover up the vulnerability citing some sort of DRM / trade secrets reasoning.
For this reason I am glad that he did this.