I've had several companies tell me they were very interested in improving the security of their software. Then when I found some security issues and suggested we fix them, I was told to stop wasting their time with irrelevant stuff. The most recent time this happened was 2 weeks ago.
One company, a few years ago, was particularly bad. One of the vulnerabilities I'd pointed out was exploited a couple months after, resulting in the compromise of a server. That server had full access to a database full of HIPAA-protected patient data. Of course the company leadership denied left and right that the data was PHI (protected health information). But I've worked for other organizations that did take their HIPAA obligations seriously, read parts of the law, and this stuff super obviously was PHI. Also had data on a few patients in Massachusetts, making it subject to the somewhat draconian Massachusetts Data Security Law.
FWIW, that same company's software also directly facilitates likely violations of several states' labor laws. I'm afraid I don't know enough about various state labor laws to say for sure - and some states have really, really bad labor laws - but the stuff they did was super shady. Basically amounted to shorting low-wage workers on their already meager pay. Which is exactly what the customers wanted.
When I pointed out to bossman that this was probably illegal, and surely unethical, his reply was: "shut the fuck up and code, you sub-human peon!"
Without a doubt the worst company I've ever worked with. In terms of leadership, ethics, and code quality. Naturally they are a VC-backed startup based in San Francisco.
Not going to name the company here - no interest in getting sued for libel. But if you're a gubmint enforcement type, feel free to present yourself and your credentials, and we can chat. I post under my real name; you shouldn't have any problem contacting me.