Perhaps you can submit a note back to them so that they can mark it fixed, and close it. I know that if the next developer/admin comes along to check logs and sees that flagged, they will likely contact you, too.
We run clean green on our servers. A vulnerability or exploit mark is typically grounds for removal, or we look to help fix them.
Thanks for replying so quickly!