It is very pleasing to see companies like heroku publicly thanking (we even got a blog link here) the security researcher that initially reported a vulnerability. Hopefully, we'll see more of this in the future.