I think the point that most of you are missing here is that this paper was written as INDEPENDENT RESEARCH. He was not promoting this paper as if it were @Stake's opinion, just writing a paper about the security field and one of the problems he saw in it. In fact, @Stake is only mentioned in two places - the authors list and the biographies.

If I ever write a paper on security vulnerabilities or write some test code in my spare time, it's my own business and no one would give me any grief. My employers have no control over what I do with my spare time, nor do they have any influence over the opinions I express when I'm not at work. Why is it suddenly different if a CTO does the same thing? Did @Stake own Mr. Geer's free time? I think not. So what possible grounds could they have for firing him for research he performed during his free time?