You’ve reported a really cool but complex vulnerability. Unfortunately, the team you’ve reported it to doesn’t seem to agree there is a problem. What’s worse, each time you get close to agreeing on something they move on to a completely different point.

This is a logical fallacy and rhetorical tactic called “moving the goalposts”.

In short, the team refuses to concede a point even though you appropriately address each individual objection.

How to deal with it

It’s important to know that this isn’t (always) intentional (Hanlon’s razor).

Ensuring moving goalposts don’t prevent you and the team from reaching a successful conclusion comes down to not letting the discussion deviate.

  • Point out when the discussion deviates from an unsettled topic
  • Avoid getting pulled into discussing a new topic before reaching a conclusion
  • Come to a clear conclusion and summarise it
    • It can really help if you and the team both explicitly state your agreement

Implementing this in your approach will help you avoid going in endless circles. However, it’s not always effective. Bug bounty mediations are a good fallback (if available).