If you think that revealing the name of a business discloses the vulnerability, then I question whether you are using "vulnerability" in the standard way or whether what you have found is a vulnerability as understood by the software community.
Unfortunately, many people do this, thinking that a potential bad outcome of a business process is a "vulnerability" - perhaps they are using vulnerability in the non-technical sense, as in "we're vulnerable to supply chain disruptions".