GitHub user ppkarwasz added a comment to the discussion: Addressing AI-slop in security reports

Hi @DanielRuf,

Our bug bounty program is funded by the [Sovereign Tech Resilience program](https://www.sovereign.tech/programs/bug-resilience#module-bug-fix-bounty-platform) of the Sovereign Tech Agency. OSTIF is also a partner in the program, but it concentrates on providing audits, while YesWeHack handles the bug bounty.

There is some concept of reputation in YesWeHack too, but all sorts of _gating_ are not compatible with the Apache Way. We all remember our first pull request, which was kindly reviewed by maintainers, even if it was far from perfect.

Currently, there is a public tender to determine who will triage and fix our security bugs in the future (see [CXP4D9LMB6A](https://www.dtvp.de/Satellite/public/company/project/CXP4D9LMB6A/en/documents)). We would love to make a proposal ourselves, but we lack a couple of hundred thousand euros in yearly turnover. :wink:

GitHub link: https://github.com/apache/logging-log4j2/discussions/4052#discussioncomment-15950010
