My favorite part about operating a responsible disclosure program is all the drive-by Indian "security researchers" who copy paste OWASP best practices and then go silent when you ask them to provide a practical demonstration that their reported vulnerability is actually exploitable against our infrastructure. 🙄