The author spoke of uncertainty that CVE will be around, and also said that some parties involved didn't appear forthright on some occasions. What wasn't clear to me is the "What's your threat model?" here.

I'd guess the threat model to include things like "How likely is this org to disappear from the face of the Earth?" and "How susceptible is this org going to be to outside influences that have priorities higher than the honest/accurate/timely reporting of vulnerabilities?".