Maybe vulnerabilities should be handled as bets. The reporter puts as much money in the pot as he thinks it is worth it. If the report isn't handled, he gets his money back. If the report is handled and considered valid, they get it back double. If the report is handled but considered bullshit, the money is kept as compensation for wasted time.
Lord Tom Klopf of CZ
in reply to daniel:// stenberg:// • • •Aljoscha Rittner (beandev)
in reply to daniel:// stenberg:// • • •Wulfy
in reply to daniel:// stenberg:// • • •Andreas Schneider
in reply to daniel:// stenberg:// • • •Brokar
in reply to daniel:// stenberg:// • • •Frank Heijkamp
in reply to daniel:// stenberg:// • • •