DrHappiness.
disclosing stuff in this way is common for software vulnerabilities, and 3 months is a generous amount of time if the fix does end up boiling down to "add a signature file to check this file wasn't tampered with". more info keyword is Coordinated vulnerability disclosure.
there are significant issues with keeping issues like this behind closed doors and only essentially leaking this information to certain parties:
- what stops them from leaking it to others who don't have good intentions?
- what is actually the common knowledge in the community as it is right now? we already knew about sv_pure bypass stuff with muzzle flashes and the like.
- can you imagine what league bans would look like? "why was i banned?" "you used an exploit." "which exploit?" "well we can't tell you since valve hasn't fixed it yet"