I've no doubt this exploit is legit but it would be nice for reporters to actually verify these issues themselves before posting online.
The above basically reads to me I'M TOO LAZY TO CHECK MYSELF
For example, you might expect Ars Technica to own an Xbox One but wololo may not have one himself but yeah, I know what you mean.
EDIT: Oh, I overlooked the part where he says "yup, I still don’t have an Xbox One…" so there ya go
http://wololo.net/category/news/
Even if this were the New York Times talking about an exploit, I'd expect their reporters to, well, report, not necessarily directly verify something themselves. And this is quite clear that it's unconfirmed. What he does do is report what the developer is saying, adding sufficient context for non-experts to understand, and giving links so those interested can learn more. Presumably once it's verified, there will be another article saying so.
Given that, it seems like perfectly fine amateur journalism. Why do you expect it to be something else?
* for games, it's separately handled for validation
It is not about this case in particular, but what often "bugs" me is the fact that there are people discovering exploits in these locked-down devices --- which could open them up significantly --- and actually advocate/report to get them fixed, making them even more locked-down. I understand that some of them are in it for the $$$, but even when there isn't, they still do it. The phrases "digging your own grave" and "locking yourself out" come to mind... it all seems rather Orwellian.
https://www.ftc.gov/news-events/blogs/techftc/2016/10/dmca-s...
He called out nothing incorrectly, he said there's this stuff circulating that I think seems credible because of blah, but we don't know.
He told you the facts and his opinion on them.