Items tagged with: YesWeHack


But Wait!

Anyway, BIND 9 now also has a Bug Bounty program via #YesWeHack (fosstodon.org/@iscdotorg/11576…) and we got exactly one genuine issue out of 15 (and that's an issue that had been previously independently reported). The rest was:
⁃ Cryptographic Weakness in BIND 9.20.15 PRNG Enabling DNS Cache Poisoning (Bullshit AI Slop; it just proved lack of randomness in provided PoC :facepalm:)
⁃ Multiple EC/TLS Private Keys Committed to Public Bind9 Repository (yeah, in system tests) (1/2)


When the European Commission approached us about funding a bug bounty for BIND 9, we were impressed with the proposal. We have a policy against bug bounties (because we were frustrated with people wasting our time), but under this proposal, the YesWeHack team would do initial triage, and use their expertise to minimize the 'slop' reports. This is a game-changer for a small development team.

The bounty program is active, and we are looking for our first valid report.

yeswehack.com/programs/bind-bu…