Hey, I'd like to suggest that if you're a person who receives security issue notifications from vulnerability researchers, it's always worth making a point to say "Thank you" in your first response, and "Congratulations" when issues are confirmed. 


Finding issues, especially ones that can be published, is often an important achievement, even career milestones. It's just that :) Finding bugs before attackers or production does is also worthy of positive reinforcement. I think it helps to flip the "bad news" bias.
-
-
I guess it depends if it's "here's an interesting new vulnerability in a heavily security vetted piece of a software underpinning lots of security" or "here's some crap javascript written to allow anyone to inject some more" - I find the second sort...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.