Those are three mega-corporations, and not small businesses though. Most places I've worked with outsource the software, web server administration, and SSL administration all to a single client, and don't necessarily pay for a security team to maintain GPG keys, but just for maintenance and ongoing development.
Allowing the web team to securely receive a vulnerability report using infrastructure they've already built opens up a secure reporting process to thousands of smaller businesses.
Allowing the web team to securely receive a vulnerability report using infrastructure they've already built opens up a secure reporting process to thousands of smaller businesses.