One dude running an X account is not indicative of a community, to be honest.

That said, that dude has a point. "Researchers" chasing clout with their names attached to CVEs is kind of ridiculous. Half these CVEs are missing bounds checks that can be fixed with a patch in as much effort as writing up the blog post announcing that there was a missing bounds check.

I guess that the perceived problem from a security perspective is that they're there, not that they're necessarily hard to fix once found.

The main beef is the noise created around these disclosures instead of sending patches to fix the bugs.