With Amazon AWS I had a fun exchange a couple of years back. They don't have a bug bounty (still, I think), but their response was that they will fix it but not publicly recognize it because "the cloud is always secure"? Go figure.



This is hyperbolic nonsense. Having worked at AWS, I've never encountered a business that is more serious about their security position.


It's not, I still have the email exchange from a couple of years back - I thought of posting it somewhere because it was so odd, but I don't have a blog and I am not interested in publicity.

Amazon still doesn't offer a bug bounty program to my knowledge. Also, it's the only cloud provider my active security researcher friends tell me that attempts to regulate them by some weird pen test authorization requirements which are very foreign to industry standards of other cloud providers.

I'm just on the sidelines watching, but there is a difference in how transparent AWS vs. GCP vs. Azure are when it comes to security. GCP > Azure > AWS


> pen test authorization requirements

Yes, we don't want people to publicize when we fuck up so we'd rather just NDA them to death when they tell us about bugs.

Edit: If you don't accept, we just use the hacking laws in the US to silence you.


Well, you’re not entitled to conduct attacks on them at all, so why shouldn’t the terms be up to them?


This sounds... awful. I'm sure there are reasons, but hiding information this way makes you seem incompetent and unsure of yourself (you as Amazon, not you personally) in my eyes.

Edit: I assume you are speaking as an employee of Amazon of course, which is not necessarily true.


There’s no way that would be their reason.



It's just reporting, no payouts.



