Not really all that troubling, all the author is saying is that he wants to get paid for their work.
Either Microsoft or other future vendors can actually honor an established bug bounty program, or the author can sell his findings to the highest bidder. Or the author can simply not spend time and energy finding bugs in the first place.
Don't miss the middle statement; the author thinks there are further attacks here, even with the fix. Others can also find and then choose to report/sell at their own discretion.
Pass a law that requires companies to pay black market value for bug bounties. It’s also unethical for big corporations to exploit the US oligarchy to get these fixes for free.
Either Microsoft or other future vendors can actually honor an established bug bounty program, or the author can sell his findings to the highest bidder. Or the author can simply not spend time and energy finding bugs in the first place.