I found a contact, thanks for the messages. 
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Are bug bounty platform terms regarding disclosure the reason you don't want to report via the platform? Genuinely curious. You aren't the 1st researcher who feels this way if so. It's a reason I advise companies not to require any form of NDA-like terms. https://www.lastpass.com/security
-
Yes, I refuse to agree to terms before reporting a vulnerability. I prefer email, they're still free to not read my reports if they like.

- 4 more replies
New conversation -
-
-
almost exactly two years ago:https://twitter.com/taviso/status/769378052254015488 …
-
Hah, it turns out the majority of the crazy is concentrated around one particular vendor. I will definitely not look at them again, I don't even want to say their name.

- 10 more replies
New conversation -
-
-
can't get the vulnerability report emails, no vulnerabilitiespic.twitter.com/lqZOMTpEDw
- 1 more reply
New conversation -
-
-
I came across a big company where the PSIRT actively refused any vuln details by email (RCE and LPE): "no, won't read, go send your report through the bug bounty platform"...
-
Fine with me if they don't want to read it, it's their customers and software after all, but their 90 day clock would still start ticking...
- 1 more reply
New conversation -
-
-
Ooof. I've put my eggs in this basket, how bad is this basket?
-
Make sure you're using 2 factor authentication. I personally LOVE
@Yubico Yubikey, at the very least an authenticator app. - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

