It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.
I have nothing to do with any of this.
But since they don't consider these as vulnerabilities in the first place, then yeah, sure.
It's very common for large companies to "close" or downplay vulnerabilities. That doesn't exempt researchers from responsible disclosure timelines. There have been plenty of instances where a company reverses course after some back & forth and the looming threat of going public.