Conversation

Replying to
urg, my (very limited) experience with bug bounties is bad but in general the reporter always has the disadvantage. Don't get me wrong I think reporting bugs to get them fixed is awesome. Sucks! PS: I think bug bounties need an automatic payout if they "accept" the report.
1
Once it's closed as a duplicate, you get no further updates on whether they're still working on it and preparing to ship a fix. You don't exactly get great information otherwise, but if it's closed as a duplicate you have absolutely no more updates on what's happening.
1
We're generally reporting issues because we found them as part of developing GrapheneOS and need to ship a fix for it. If it's a problem in the OS rather than firmware or hardware, we can ship a fix ourselves. Doesn't make sense to wait months for them especially without comms.
1
Show replies