stacksmashingTold someone their "vulnerability report" is bs (result of an automatic scanner that has a false positive...)
This was the response 😑
Geoffrey 
@stacksmashing
Running a bug bounty program for a small company, this is unfortunately very common. A lot of "security researchers" will send low quality / invalid reports, and no matter how you answer them they will disagree with your conclusion and ask for a reward. Even if you don't answer they seem to have an automatic reminder thing.
The thing is, if they keep doing that, probably it is working on some companies. So they probably just automate until they find one on which it works. I'm often not too harsh with them, people need to feed themselves somehow, but I ended up automating most of my answers as well.
Running a bug bounty program for a small company, this is unfortunately very common. A lot of "security researchers" will send low quality / invalid reports, and no matter how you answer them they will disagree with your conclusion and ask for a reward. Even if you don't answer they seem to have an automatic reminder thing.
The thing is, if they keep doing that, probably it is working on some companies. So they probably just automate until they find one on which it works. I'm often not too harsh with them, people need to feed themselves somehow, but I ended up automating most of my answers as well.