The only responsible thing to do after they didn't respond to his report was to make the vulnerability public. So this was the right thing do.
He didn't mention that he had contacted them.
@cuddlefish: Could you please clarify if you contacted them prior to the full disclosure, and how long. Thanks!
I've reported it to them, they've sat on it; I assumed they read these forums.