Zendesk: Email user verification bug bounty report retrospective (zendesk.com)
11 points by mmsc 32 days ago | 3 comments



Related Discussion: 1 bug, $50k in bounties, a Zendesk backdoor (817 points, 11 hours ago, 254 comments) https://news.ycombinator.com/item?id=41818459


I submitted a comment to this article, but it's unclear if it's going to be moderated or indeed published. Here's what I said:

  I think it's a bit discourteous to shoo Daniel away due to an out of scope
  report, then cry wolf when your clients do actually feel that this warrants
  a response. The fact that you made changes to your systems in response
  indicates that this wasn't as benign as it first seemed.

  IMO Zendesk should do the right thing and issue a reward. An issue was
  reported and ultimately resolved in some fashion. Continue to encourage
  researchers to bother reporting things to you. Yes, you have a little egg
  on your face due to the end-run via your clients, but that's life, Zendesk
  will survive.


Comments are disabled or moderated. I tried as well.



