I'm willing to give Yahoo! the benefit of the doubt that they're working on that general class of issues, but it needs to be a priority to fix the underlying cause of this exploit. That it took 8 months for this guys report to get taken seriously is silly.
