Hey, I got into more details in my internal discussion with the researcher and previous post, but around the time we determined we couldn't replicate it, we got a similar report leading me to believe this was already closed. I didn't believe there was something the whole time. It was a mix-up on my side, and I'm sorry about it.
I think I understand, I've also fallen victim to losing track of things, so I understand. If you haven't, maybe having a policy of trying to have zero security issues in the backlog would help here? That way things can't get lost, and if they're closed then at least the other party can see their issue has been closed and act accordingly (maybe try and escalate or something if they still think it's a real issue).
Wouldn't the wrong party, after getting an erroneous closure email, have immediately followed up, multiple times probably if the first one was ignored?
It's still unclear what prevented the follow up communications from making its way to you.
