The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing do.
He didn't mention that he had contacted them.
@cuddlefish: Could you please clarify if you contacted them prior to the full disclosure, and how long. Thanks!