Honestly, some companies just don’t learn unless you hit them where it hurts. Responsible disclosure’s nice in theory, but when they ghost you or act like stuffs not a big deal, i think its okay to drop the politeness and let the market for a well placed exploit teach them the cost of ignoring security.

And It often pays better then HackerOne.