Google told researcher 'Nice catch!' Then denied bug bounty for flaw it still hasn't fixed

Summary

A security researcher discovered a flaw in Google's services that could allow unauthorized access to user data. Google initially responded with 'Nice catch!' but later denied a bug bounty, claiming the issue was 'working as intended' despite acknowledging it hasn't been fixed.

IFF Assessment

FOE

This incident represents a potential defense failure: a reported security flaw remains unfixed and unrewarded, leaving users exposed.

Defender Context

This situation highlights a concerning trend where vendors may downplay or deny the severity of security vulnerabilities, leaving users at risk. Defenders should be aware that reported flaws might not be promptly addressed or acknowledged, requiring vigilance in their own security assessments.