The normal way for the average company is basically what you're experiencing. Eventually you'll either get lucky and get a useful response, give up, or publish the vuln to the public.
In medium/large tech companies, you'll often have a security@ or a bug bounty program or some other clear way to report a vuln, but without naming the company there's not much we can do to guess how to contact them.