"Don't announce an unpatched vulnerability ever" used to be the norm. It caused a massive problem: most companies and organizations would never patch security vulnerabilities, so vulnerabilities would last years or sometimes decades being actively exploited with nobody knowing about it.

Changing the norm to "We don't announce unpatched vulnerabilities but there is a deadline" was a massive improvement.