This video was posted on the 27th and they had addressed it by the 28th. I think that's pretty good.
That's far from the truth.
The presentation mainly focused on the original research, but the serious potential is in the earlier hack by Saleem Rashid which is clearly explained in the video.
What good is a bug bounty if it's only paid out for less serious issues? Rashid did not receive a cent, and the Ledger CEO called the hack "massive FUD" and has continuted to downplay the implications since.
they haven't been able to gain access to the secure element and they haven't been able to extract private keys, PINs, seeds or funds
The researchers specifically explained this in the presentation. There is no need to access the private keys since all communication (the display output and the key input) takes place through the application processor. A hacked firmware would just send a transcation to the secure element, skip displaying any message and then send the required keypress to the secure element.