The article mentions a security.txt[1] which doesn't seem to contain an email address but it does contain a link[2] to a disclosure program, I'm guessing that's how they submitted all their findings?[1] https://www.points.com/.well-known/security.txt
[2] https://bugcrowd.com/plusgrade-vdp-pro
No comments yet.