[securesaml]

I agree MSFT should have paid way more.

My point is if that FFmpeg, tried to raise more awareness of the issue, say talk to news outlets, they could get much more funding from MSFT.

Furthermore, big companies like Google, Microsoft care a lot about security. So they could raise money for security engineering like fixing memory corruption issues. Of course, FFmpeg could complain Google, Microsft doesn't care about all the high severity vulnerabilities in FFmpeg. That would be much more of an eye catcher.