HackerOne, when you submit your report on vulnerabilities to financial service providers, what kind of feedback do you get from your recommendations? Do they implement them right away, or do they evaluate the cost of implementation versus the cost of taking the risk not to?
On February 4th, 2019. See this statement in context.