[imoreno]

Why would there be an NDA on atop? It's under GPL.

[lolinder]

It might be covered under an NDA with some company that she's contracting with if she/they discovered the vulnerability in the course of their work.

[devmor]

It could also be any number of other things too, like it's severe enough that the author feels its responsible to wait for mitigation efforts before disclosing anything about the issue that could lead to it being exploited.

[lolinder]

The existence and phrasing of this post implies that the author doesn't trust the atop developers to fix anything in a timely manner if at all.

[devmor]

The developers don't necessarily have to be the ones working on mitigation efforts.

[YetAnotherNick]

"screams NDA" is not the same as "might be covered under an NDA". And in any case, very likely the said company has already taken mitigative action like removing atop already.