The companies who do “damage control” on vulnerability reports by not admitting a vulnerability: do you realize that this strategy also prevents you from announcing having fixed the issue? And that people will keep suspecting forever that you didn’t? Is that really your goal?