I'm only just realizing now why I was treated so strangely after discovering a pretty severe security issue that had been in our software for about 7 years. I had only been in the team for about 12 months when I discovered it.
The only time I have seen a good response from the discovery of a large security hole was when it was by total accident, and the person mentioned it in a public channel by accident. They almost got fired, but the bug got fixed quickly.
