raboof commented on PR #459: URL: https://github.com/apache/commons-lang/pull/459#issuecomment-3188640369
As a volunteer-based open source organization, the ASF doesn't have a bug bounty program at this time. There are some 3rd-party bounty programs (https://hackerone.com/ibb, https://yeswehack.com/, https://huntr.com/) that have some ASF projects in scope, but I'm not aware of any of those covering commons-lang. AFAIK all bug bounty programs have the prerequisite that the issue is responsibly reported to the project in private - AFAICT that didn't happen here, so it wouldn't qualify for that reason either. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
