Recently someone left a negative review of the companion plugin for our service, which seemed more like it was just someone looking to bash us than a legitimate review of the plugin (based on another review of theirs they are a paying customer of Wordfence, which explains a lot). The reviewer didn’t even seem to be all that aware of what the plugin did as they said “just tells me that something is bad” or what we do. Part of their review was:
If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.