Comment by elliekelly
6 years ago
Thanks for the explanation. That makes sense and seems pretty reasonable. The company should certainly have the opportunity to fix the vulnerability before it's made public and could be exploited.
> If I were to guess, Zoom was using some unusual NDA and attempting to buy permanent silence.

Considering that Zoom ultimately decided not to correct the issue, I suspect you're right.

From the Medium post:
> - Offered and declined a financial bounty for the report due to policy on not being able to publicly disclose even after the vulnerability was patched.