[Dalewyn]

>I'll refrain from posting it here so it's not as easy to exploit.

I commend your ethics, but I'm going to be straight with you: Alaska isn't going to do anything until tangible harm and damage occurs. The cost to address the problem is higher than the cost to just ignore it. Alaska probably won't think this even is a problem yet, for that matter.

If you still want to be an unwarranted gentleman, I would report this again but put a firm deadline to disclosure and say "No" is not an answer. Also have a lawyer handy if you choose to make this a problem for them.

[StressedDev]

I don't think this is fair. My guess is the person who found the bug did not report it to a person who knew how to handle a security bug report. My guess is the technical people at Alaska will fix the bug once they know it exists.

[solardev]

Do you have prior experience reporting to them, or why do you believe this to be the case?

(I'm not affiliated with them, just an occasional customer who's wondering if they have a bad reputation in this regard or something.)

[Dalewyn]

>Do you have prior experience reporting to them,

No, though I'm a frequent flyer and have a fairly lukewarm view of them compared to other airlines.

>why do you believe this to be the case?

Generally speaking, people will take the path of least resistance and even moreso if they're professionals who probably aren't paid enough to care enough. Beancounters also won't care beyond the numbers in their spreadsheets.