There are explanations on how it works here [https://archive.is/6imWR] [http://www.tangleblog.com/wp-content/uploads/2018/02/letters...]
You don't need code to prove that a vulnerability exists, it is sufficient, especially for crypto primitives like hash functions or cipher rounds, that there is a mathematical vulnerability that can be potentially exploited.
I am a researcher in cryptography who just read the full email transcript posted at . I found Ethan and Neha's email responses to be patient and sincere.
In contrast, the IOTA team members Sergey and David have no idea what they are talking about. The IOTA constructions were broken, and instead of understanding that, they made bogus points and tried to attack the four DCI researchers in various ways.
In that context, I think Green's tweet represented a bit of frustration at the way public rhetoric is being misused.