So, Troy Hunt got the following out:
If we back up a bit, we have a communication history in general.
Based on email…
@yourdomain – those were the general in-channels.
Troy got into a tight spot; I have not encountered that – sadly, I got into something worse. Ignorance and fudge.
Reporting anything in a public space – really? How come?
Public space / “social media” is usually in the hands of PR / marketing. Getting ’em to move their butts and report higher … Not the easiest way when we are not talking about security-aware companies.
So how do we determine or detect security-aware companies? We don’t. Bash ’em with information – make a correct statement (like Troy and friend did) – and hope that the receiver is not part of the stupidity-bunch.