Just to clarify - the report was shared with us via a link to a document which was public accessible, but I don't think was linked from his homepage.

Also this was only shared after an initial discussion where we stated there were no mainnet users, and so it was very unlikely any funds were at risk.