[ecesena]

HackerOne has an open source program which is free. You could start with it: https://www.hackerone.com/company/open-source-community

I'm sure you can talk to them then, and figure out the best strategy to offer paid rewards.

[d4kmor]

Interesting - I didn't knew that one. It seems very security related - I'm not sure if issues for not supporting a specific part in a spec or for improving documentation for a feature will fit in.

What do you think?

[ecesena]

This is 100% security bug bounty. No docs improvements or functionality bugs.