@GossiTheDog I had a similar experience with Microsoft.
A junior colleague found a 1-click exploit in Skype for Linux. We reported it. We didn't want any bounty money - just to be assigned a CVE that we could include in our paper. Microsoft's response was essentially "it's not an RCE, go away".
Then they silently fixed it, without crediting us.
Never every doing the "responsible disclosure" dance with Microsoft ever again.