[danShumway]

This is such a weird response to me.

The WSJ personally proved that Amazon doesn't have additional seller checks around food suppliers to make sure they're reputably sourcing their products. But because we don't have evidence that people are (currently) taking advantage of that, our response should be different?

If my website has an XSS vulnerability that exposes my database, and someone tells me about it, can I downplay the issue by saying, "you don't have evidence that anyone is currently exploiting it"? Would you feel comfortable continuing to use my software if that was my response?

> Attempts to list a protein powder, a pea-powder dietary supplement and a face sheet mask—all from the dive—elicited a request from Amazon for proof of purchase.

Amazon does have quality control metrics for some items, but doesn't use them for food -- meaning that in practice buying food on Amazon may not be much safer than buying food on Ebay. In that sense, think of the WSJ article as a public disclosure of a vulnerability in Amazon's quality control measures. A vulnerability that we observably know exists because the WSJ personally verified that it existed.