@whitequark ngl I kind of wish one particular piece of software had this, there was this dead-simple to implement on paper(afaik just disabling an api endpoint, similar to how they had done for a similar endpoint) request I had submitted to Rocket.Chat's feature request repo in 2022. Bumped it every now and then for about 2 years and haven't since because I no longer have to work with that crap anymore.

Oh, and they also completely lost a vulnerability report I submitted to them, received confirmation of that receipt, reproducibility, and escalation to the appropriate team. a bit later, another email saying an engineer was "actively working on implementing a fix", then radio silence. Haven't tested it in about 6 months but I'd be willing to bet the vuln still exists. (this happened like 2 years ago)