[keraf]

Or negligence :-)

[batch12]

What if the billion dollar company has a responsible disclosure process and internal vulnerability management program and has just decided not to pay for unsolicited bug reports? Where is the negligence?