That’s what I was thinking. I was once responsible for a RCE vulnerability that was reported to hackerone on Christmas afternoon. Even then I took less than 1/48th the time to disable the feature and had a patch ready in half the time it took them to just disable jupyter notebooks.

I’m not claiming to be better at my job than their response team. I’m almost certainly not. The difference is I didn’t have to have meetings with 20 different internal stakeholders before acting.