Thanks for the explanation. That makes sense and seems pretty reasonable. The company should certainly have the opportunity to fix the vulnerability before it's made public and could be exploited.
> If I were to guess, Zoom was using some unusual NDA and attempting to buy permanent silence.
Considering that Zoom ultimately decided not to correct the issue I suspect you're right.
> - Offered and declined a financial bounty for the report due to policy on not being able to publicly disclose even after the vulnerability was patched.
> If I were to guess, Zoom was using some unusual NDA and attempting to buy permanent silence.
Considering that Zoom ultimately decided not to correct the issue I suspect you're right.