It does eventually. If you want a prompt response you should contact product security.

Shouldn't Apple be the ones who really want to respond promptly? Why should we work around bugs in Apple's issue reporting system?

I don’t really see the problem with getting faster responses by contacting Apple’s security team directly for potential vulnerabilities when compared to the general-purpose bug tracker.

By an hour or two, maybe. But since the last version of the OS? No.

Usually big companies such as Discord give perks to the bug hunters who find bugs. Apparently Apple doesn't have that. There are probably people at Apple who won't admit that they have bugs, when every operating system has bugs, the code is too big to not create a single bug or exploit.

Huh? Apple has a robust bug bounty program.

https://security.apple.com/bounty/