Cloudflare sat on the information without disclosing for as long as possible, until white hat security forced them to disclose. I remember the drama and the vile response from Cloudflare pointing the finger at others for disclosing "too early." It's likely they would have never made a public disclosure. Given the nature of the data leaked, this alone is fraud and this man should be in a jail cell without bail while a full investigation is completed by affected governments.
@dang (?) this is not a dupe, it contains a lot of various interesting information not only related to Cloudbleed, especially in the second part of the video when they eliminate all the core dumps (going as far as updating micro code because of an hardware issue)
This is here because of a long write up I've been doing of things I've experienced and learnt in seven years at Cloudflare: https://news.ycombinator.com/item?id=19062674