
The utter lack of a mechanism to report bugs, particularly security bugs, seems far worse.

I've encountered this problem frequently when interacting with various organizations. The pervasive availability of bug-tracking systems and/or bug-reporting email addresses makes the absence of one quite conspicuous.



I've seen many organizations applying spam filtering on their security@org.org address, leading to tons of reports ending up in spam boxes without being noticed by the company. The researcher doesn't receive any feedback on his responsible disclosure and multiple reminders, and finally submits the vulnerability to a full disclosure list.


Even worse: some businesses apply spam filtering to their abuse@ address, which thus rejects reports of spam as... spam.
