|
|
|
|
|
|
by mpeg
4582 days ago
|
|
|
I don't think you understand, it's not about a reward; it's about having a clearly defined process to report security bugs that is inclusive of every kind of bug. If you don't have that, people don't know if they are breaking the law by sending you a bug report, and they might not report the issues. Most of the time, the bounty is not going to pay for my time anyway; I just do it for the fun of it, but it definitely says "security issues are welcome" |
|
|