Pretty typical. Dealing with vulnerability reporting and disclosure has always sucked for researchers, and from my (very) limited experience on the vendor side, it isn't much better there. I'm honestly surprised more of these researchers haven't gone back to the bugtraq/full disclosure model.