[lrvick]

To contrast this, in the last bug bounty page I set up I strongly suggested researchers gpg encrypt email to submit their findings. I really didn't want sensitive issues directly exposed to our entire support team.

As it turns out, the gpg encrypted emails which were only a small fraction of the ones we received, and made up the substantial majority of actionable issues we rewarded on.

If a security researcher is not capable of encrypting email to a public key, they probably are not bringing me anything worth my time to read.