
I really think the actual issue here has been clouded over by reactions to the way the issue was handled. Sure, it wasn't the most mature and professional way of handling the situation, it was illegal and he certainly didn't need to take it to the extent he did - but he put the issue to the forefront. GitHub responded well, although it does seem as if they were trying to spin it as though they had the situation in hand more so than I believe they did - but that's just me. Long story short - GitHub handled it well, but the real story is hugely popular (techy) news - can't ask for better community awareness than that!


The problem is people are still confusing two issues.

1 - The mass assignment Rails issue was resolved as soon as could be after it was reported.
2 - The public key form update vuln was NOT reported and used, NOT to attack GitHub but to make some point to the Rails team.

The second issue was the one GitHub had been talking about in the original blog post. They handled it as soon as it was discovered.

Insofar as they responded as quickly as possible, yes, they had it in hand.


The public key form update vulnerability was based on the same concept in a different place.



