I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.
this would probably just lead to the corporation taking more and more of a role until thet take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else
Surely Google has the resources to fix the bugs themselves. Most FOSS projects probably appreciate code contributions more than money.
I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.
this would probably just lead to the corporation taking more and more of a role until thet take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
was upset enough when Microsoft bought Github
there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else