Comment by bflesch

Yes, most of the time you can find someone that cares in the data privacy team or some random security engineer on social media. But it's a very draining process, especially when it's a tech company where people should actually quickly grasp the issue at hand.

I tried every single channel I could think of except calling phone numbers from the whois records, so there must've been someone who saw at least one of the mails and they decided that I'm full of shit so they wouldn't even send a reply.

And if BugCrowd staff with their boilerplate answers and fantasy nicknames wouldn't grasp how a HTTP request works it's a problem of OpenAI choosing them as their vendor. A potential bounty payout is not worth the emotional pain of going through this middleman behavior for days at a time.

Maybe I'm getting too old for this :)