RE: https://mastodon.social/@bagder/115893088600630096
This should be a wider discussion in the security industry. Sustainability!
It’s important to realize that for (small) open source projects, even reports of real security issues with real impact are significant workloads.
They need to be reviewed, understood, fixes designed.
And those fixes may have further effects like compatibility breakage or redesigns.
If done correctly, this is a lot of work, work that those developers usually do unpaid. If they have the time.
Bug bounties may increase the amount of code review and hopefully increase the security of a project due to the amount of eyes on it, but they need to be in sync with the needed resources for the project to review and act on those reports.
What if a bug bounty program paid both the finder and the open source project for fixing an issue?