Ok. I've read it. Nowhere does it mention IOTA contacting the researchers in question in May.

This article also answers the wrong question. If the crytocurrency is not cryptographically secure all that stands between an attacker and a victim is a piece of malware or social engineering. The fact that the researchers didn't go all the way and document a specific attack that could be performed tomorrow does not mean that Curl was secure in practice.

Finally this continues to fail to address many salient points. Like why use trits? Why wasn't kekkac used from day one?