in reply to daniel:// stenberg://

Maybe vulnerabilities should be handled as bets. The reporter puts as much money in the pot as he thinks it is worth it. If the report isn't handled, he gets his money back. If the report is handled and considered valid, they get it back double. If the report is handled but considered bullshit, the money is kept as compensation for wasted time.
⇧