They just marked something the way exploit was done as "malacious", without fixing the root problem, or informing the the reporter that they "fixed" it. Instead claiming it was never there. That is very unprofessional!
And if these guys were to go though the NDA route, The company may choose just not to fix it at all, and tell these researchers to be quiet about it. And you'd never know there was such a exploit ever.
And if these guys were to go though the NDA route, The company may choose just not to fix it at all, and tell these researchers to be quiet about it. And you'd never know there was such a exploit ever.