I think this article describes the issue well:

https://crankysec.com/blog/community/

> All the cybersecurity companies saying "We don't have anything to say about this situation." is just them being true to their main in-group: for-profit companies that don't want to upset a big current or potential buyer. They are, first and foremost, part of that "community", and they happen to be involved in cybersecurity. Solidarity is happening there, just not to the people in cybersecurity.

This sucks and we should change it for sure. So many other industries have successfully become professionalized, unionized, and kicked the grifters to the curb. But it feels more and more like the cybersecurity grifters are the ones holding the reins.