Dear Ronak, I am terribly sorry but we are a Free Software project with very little funding so there is no bug bounty and the closest we have got to a hall of fame is our contributors page (http://www.gnustep.org/developers/whoiswho.html). Vulnerabilities should just like any other bugs be reported on our Savannah page (http://savannah.gnu.org/projects/gnustep/) or if you prefer on https://github.com/gnustep. Or if all of this is too much hassle for you, just write a mail to this list or to me in person.
Hope this helps, Fred PS: I looked at your LinkedIn page and your record so far is impressive. > Am 24.01.2020 um 13:59 schrieb Ronak Nahar <[email protected]>: > > I'm a security researcher and I had found few vulnerabilities on your domain, > do you have any bug bounty or hall of fame for reporting a vulnerability. How > do I report it? > > Regards, > Ronak Nahar
