I work for one of the big SaaS providers. Their internal response to this stuff requires me to fill in forms and sign a bunch of shit, as well as exchange emails and enter MFA codes - it ends up taking about 30 mins to 1 hour of back-and-forth (over a period of about a week because timezones - they obviously leave this process management stuff to where labour is cheap).
I did it once, I've found probably 10 other issues with customers, partners and our own products that I won't be reporting since I have to go through that process every time with my employer.
There is no benefit to me for reporting it aside from an automated thank you message when they close a ticket.
I'd submit/advise anonymously but I usually discover this stuff in a way they can trace it back to me.
So instead, my data as well as my customers, colleagues and good peoples data remains accessible to the internet.
I did it once, I've found probably 10 other issues with customers, partners and our own products that I won't be reporting since I have to go through that process every time with my employer.
There is no benefit to me for reporting it aside from an automated thank you message when they close a ticket.
I'd submit/advise anonymously but I usually discover this stuff in a way they can trace it back to me.
So instead, my data as well as my customers, colleagues and good peoples data remains accessible to the internet.
I'm sorry for that.