Have you noticed any significant change as part of your work with Shodan? If you contact them, do the organizations even do fixes at a steady rate? What's the situation?
We've had great success working through other CERTs and enterprise customers that have existing relationships with affected customers. Reaching out ourselves has been a mixed bag. For us, we have more success directly working with vendors and trying to make sure that moving forward devices are properly configured. And to let them know who's impacted so they can follow-up as part of their regular support services.