I cringe whenever I hear a programmer say that a code fix will only take “2 minutes”. Because I know they’re setting themselves up for disappointment. Because it never takes 2 minutes. Nothing takes 2 minutes. Even 2 Minute Noodles don’t take 2 minutes.
This is why you don’t wait 8 months to fix security vulnerabilities, and also why you shouldn’t have such a bad attitude when security researchers try to help:
It’s interesting that Sky is neglecting to post Civet’s full response here (https://civetsolutions.com/civet-solutions-responds-to-recent-privacy-concerns) which outlines that Sky refused to work with them, and that they planned on moving to a user/pass system, however this relied on Sky giving appropriate disclosure time.