I don’t understand how the NDA is coming in to play. Who has an NDA with who?
It sounds like they are accusing Daniel Wood of being a contractor (i.e., security consultant for either Zippy or Intersec.) No way to verify that, except that his linkedin page indicates he is in this line of work. But he could have been doing this pro bono, as it were, without any sort of formal agreement.
My understanding, based on the emails:
ZippyYum hired to IntersecWorldWide to write an iphone client. Somebody saw the CVE disclosure. Either Zippy asked Intersec “WTF is this?” or Intersec is taking preemptive action to avoid Zippy finding out. There’s certainly an NDA between Zippy and Intersec, but no idea whether Wood is a party to one or not. Mikken may just be blustering because it would certainly be to his advantage if all his company’s secrets were automatically covered by NDA.