1. Email company to responsibly disclose leaked customer API keys.
2. We don't have a disclosure process. No bounty. We'll let you know if that changes.
3. :silence:
4. Email company to disclose more leaked keys. Also ask on bounty updates.
5. Thanks, but because you didn't fill out this other form, no bounty.
6. Point out they never disclosed the disclosure form.
7. "Oops. Too bad."

This is why responsible disclosure sucks...

@ericmann they deserve whatever happens to them. you can lead a horse to water, but you can't make it drink.

@ericmann i'm not sure it will be necessary if they make it so difficult and a waste of time to submit a security report.

Sign in to participate in the conversation

Invite-only community of developers, builders, makers, and tektons.