Can't be mad at the speed and outcome of the response. I'm sure they would have preferred the incident not be published at all...<p>In any case, we've all had "oh shit!" moments before. I'd love to think this would be a wake up call about quality control, but Verizon is just so freakin' big, that I can't imagine the number of vendors that have contributed to the amount of code Verizon is running at any given time. I can't imagine the chore of vetting it all at delivery time, let alone having to go back now, realizing how bad that bug was and assuming other sloppiness likely exists.
I'm not generally a fan of Verizon as a corporation, but they deserve kudos for fixing the issue quickly and rewarding the OP for reporting it! This should be the norm. Too many nightmare stories of companies prosecuting users who find and report vulnerabilities.
Really glad this ended well for the OP and not with a prosecution for violating the Computer Fraud & Abuse act (something I was deathly scared of last year when testing Virgin Mobile's ability to brute force logins).
Though there are smart people at Verizon, much of their software is outsourced with limited oversight. I once interviewed for what I thought was a dev position but at the end of the interview them tried to slide in that I was really going to be "managing" the outsourced team and would not be allowed to write anything myself. I said no.