In January, the EU is launching bug bounties on Free Software projects to increase the security of the Internet! #FOSSA #bugbounty #35c3 https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
As an example, the 89K€ going towards Drupal bounties could easily pay for one or two (depending on geo / seniority) developers working full time on Drupal security. I don't have data, but my gut feeling is that this would be a better use of everyone's time and money.
That would indeed be better, but the @EU_Commission can’t just dish out money to developers who haven’t gone through an onerous public tender process that favours large consultancies that specialize in bidding for tenders rather than Drupal development.
but that would be counter to the current Star System that exists in the noxious security community. The bug bounty system is part of it. Having vendors that deny the presence of bugs until you show the actual exploit in their face is another.
The vendor part mostly doesn't apply to FOSS bug bounties though. In all but the rarest of exceptions (Calibre comes to my mind...) FOSS maintainers are quick to acknowledge and fix vulnerabilities even in the absence of a weaponized PoC.
How about a bounty for adding test cases?