On Mon, Nov 11, 2024 at 3:07 AM tempuser39387451364
<[email protected]> wrote:
...
> But anybody thought about having a security bug bounty for OpenBSD based on
> the money in the foundation? For responsible reporting.

Yeah, no: bad idea. Doesn't help the people who _are_ the project,
while lacking the scale necessary to actually run a successful ("tells
you something about the target") bug bounty program. If the bug
bounty program wouldn't be an afterthought on the budget you shouldn't
be doing one.
...
> Eg.: 100 000 USD for a RCE on the default install of OpenBSD.

"Other people should pledge their money and spend their time on this
thing that..."
...
Bah: shut up and hack!

Philip Guenther