As part of my professional growth as a Software Engineer, I explored information security. Throughout the process I found and reported several bugs in commercial software.
Reported access control flaws in Signal Desktop
This may or may not be considered an issue. I think it is because the SQLite database is encrypted but "for no reason"? I find that unlikely and believe this is a bug. BleepingComputer published this information on my behalf.
Reported access control in Telegram for macOS
This was a bit more complex. My Macbook Pro had Telegram for macOS installed and pinlock was enabled in the app. Unlike the issue with Signal Desktop, users were under the impression their data was encrypted and secure behind the pinlock while it actually was not. BleepingComputer published this information on my behalf.
Reported bugs in MyBB 1.8.14 to the MyBB Group
I reported several cross-site scripting vulnerabilities which were patched and credited in the release of MyBB 1.8.15.