by crispweed 2838 days ago
I don't know exactly how that bug bounty program works, but it feels like there may be some fundamental issues with bug bounties in the context of open source projects.

For example, what is there to prevent someone from introducing a bug into an open source project, first of all, and then subsequently claiming a bounty for identifying and/or fixing it?

(Maybe this can end up forcing more careful pull request auditing for security critical projects, but that seems like a big ask.)