To be fair there's never a shortage of work to be done. And you're right, they didn't disclose a vulnerability but my point is that the role of gray hats typically is to emphasize known issues exactly because they are known but remain unfixed. I hold the position that shitty situations create better systems or fast-track the inevitable failure of bad systems. Dev time is truly lost on projects that are doomed to fail but do so slowly. 

 for this to work the gray hat has to have a better understanding of the situation than the devs.