Oh, for sure. I should clarify that I meant that they received the iPhones under an NDA, not that they reported bugs under an NDA (aside from the 90-day disclosure to get any bounties).
Right. You can find pictures of actual internal devices all over the internet (supposedly some people will even sell them to you), so it's quite strange to not hear anything about these. With Apple going after Corellium, I think many researchers are thankful for the various exploits we've had recently that have kept iPhone open.
I'm fine with pre-release bugs being reported under an NDA. If pre-release bugs are publicly disclosed that is arguably a punishment for companies who seek that validation early in the cycle rather than later.
