Saved February 14, 2026
This article recounts the author's experience finding two vulnerabilities in Mailpit, highlighting the positive collaboration with maintainer Ralph Slooten. It emphasizes the importance of communication and responsible disclosure in improving software security.
The article recounts a positive experience in security research involving two vulnerabilities found in Mailpit, an email testing tool. The author, a security researcher, highlights the importance of collaboration and communication in addressing security issues. The vulnerabilities include a Server-Side Request Forgery (SSRF) that could expose AWS metadata through improper URL validation, and a Cross-Site WebSocket Hijacking (CSWSH) that allowed attackers to connect to Mailpit and steal emails in real time without authentication. Both vulnerabilities were reported to Ralph Slooten, the maintainer of Mailpit, who responded promptly and effectively.
The author emphasizes how Slooten's open-minded approach facilitated quick resolution. After the author suggested using GitHub Security Advisories, the maintainer enabled it immediately, allowing for secure communication. The validation and fixes for the vulnerabilities were completed in just a few days. This experience underscores the value of a respectful and cooperative relationship between security researchers and developers. The article suggests that developers should keep GitHub Security Advisories active to ensure a safe communication channel for reporting vulnerabilities.