They're desperate for the hype.

Vulnhunter isn't that exciting but if you scroll down their feed you'll see "guide to common rust errors" which... also isn't very exciting. I think they just need to publish something every week.

fwiw I have seen good whitepapers from them. A while back I used one about their IVR to get exec buy in for re-doing my company's IVR into something a lot better.

Eh, Capital One has long been surprisingly progressive on open source and whatnot. They were one of the first to properly adopt OAuth to connect accounts, too, back when Plaid/Mint/etc. were mostly proxying logins.

https://www.capitalone.com/tech/open-source/

https://developer.capitalone.com/documentation/o-auth