I will say as a security professional stuff like the cups vuln is a two sided problem. On the one side we tend to be terrible at people skills so we sound like the boy who cried wolf, or chicken little, which makes us easy to bruah off, then we are really quick to scream I told you so and give the means to exploit these bugs away. On the otherside though the people running projects tend to take the work researchers do for granted, and are quick to brush things off when they don't understand them, which is a huge problem because a lot of these bugs exist in the realm of "Why would anyone ever do that"
https://fountain.fm/episode/8VbH5kESaa39njdlV1MK
nostr:nevent1qvzqqqpxquqzq7ts43xrnm259faztfh9nemcw059d6az2ftw0jp66ku5jzrqy9xa2tvvtm