I don't think you get it. I got root access of a box today, reported it to the company, and was told he couldn't notify the developers until next week because they're in meetings. The person was actually more concerned because I mentioned I was blown off the first time I reported a security issue (emailed password, non-https logins/signups, etc). Meanwhile, I can instantly copy/destroy/deface hundreds of sites, all of which have paid initial fees between $10,000-$50,000 for the service and pay annual fees for continued service.
These companies are fucking stupid and the only way to make them change their ways is to kick them in the balls and piss on them while they're down. Otherwise, nothing happens and others who were less kind don't tell them and harvest the data unbeknownst to anybody. How's that for "real issues"? The real issue is the companies fucking suck and it pisses us off when they don't do a goddamn thing when we report it to them.