I agree that the vendor is detestable, but we must decouple that sentiment from the idea that this blog post compromises Cellebrite’s product or credibility in any way.
As it stands, the vulnerability is not reproducible by anyone other than Signal. Reproducibility is key in the scientific method and in the court of law.
Also, not disclosing specifics is reasonable here, given that the vendor is themselves known for using, hoarding, and selling access to 0days.
There is no obligation for a researcher to share their research with such a corrupt vendor.