{"generator":"GNU social 2.0.2-dev","title":"Conversation","totalItems":1,"items":[{"actor":{"id":"https:\/\/infosec.exchange\/users\/adulau","displayName":"Alexandre Dulaunoy","status_net":{"avatarLinks":[{"url":"https:\/\/gnusocial.jp\/avatar\/204538-original-tmp20231027091710.webp","rel":"avatar","type":"image\/webp","width":378,"height":378},{"url":"https:\/\/gnusocial.jp\/avatar\/204538-96-20231027091710.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},{"url":"https:\/\/gnusocial.jp\/avatar\/204538-48-20231027091710.webp","rel":"avatar","type":"image\/webp","width":48,"height":48},{"url":"https:\/\/gnusocial.jp\/avatar\/204538-24-20231027091710.webp","rel":"avatar","type":"image\/webp","width":24,"height":24}],"profile_info":{"local_id":"204538"}},"image":{"url":"https:\/\/gnusocial.jp\/avatar\/204538-96-20231027091710.webp","rel":"avatar","type":"image\/webp","width":96,"height":96},"objectType":"person","summary":"Enjoy when humans are using machines in unexpected ways.  I break stuff and I do stuff.The other side is at @a (photography, art and free software at large)#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable","url":"https:\/\/infosec.exchange\/@adulau","portablecontacts_net":{"preferredUsername":"adulau","displayName":"Alexandre Dulaunoy","note":"Enjoy when humans are using machines in unexpected ways.  I break stuff and I do stuff.The other side is at @a (photography, art and free software at large)#infosec #opensource #threatintelligence #fedi22 #threatintel #searchable"}},"content":"<p>Something that\u2019s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?<\/p><p>It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.<\/p><p><a href=\"https:\/\/infosec.exchange\/tags\/opensource\" class=\"mention hashtag\" rel=\"tag\">#opensource<\/a> <a href=\"https:\/\/infosec.exchange\/tags\/security\" class=\"mention hashtag\" rel=\"tag\">#security<\/a> <a href=\"https:\/\/infosec.exchange\/tags\/bugbounty\" class=\"mention hashtag\" rel=\"tag\">#bugbounty<\/a><\/p>","generator":{"id":"tag:gnusocial.jp,2026-07-05:notice-source:ActivityPub","objectType":"application","status_net":{"source_code":"ActivityPub"}},"id":"https:\/\/infosec.exchange\/users\/adulau\/statuses\/114700426028442099","object":{"id":"https:\/\/infosec.exchange\/users\/adulau\/statuses\/114700426028442099","objectType":"note","content":"<p>Something that\u2019s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?<\/p><p>It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.<\/p><p><a href=\"https:\/\/infosec.exchange\/tags\/opensource\" class=\"mention hashtag\" rel=\"tag\">#opensource<\/a> <a href=\"https:\/\/infosec.exchange\/tags\/security\" class=\"mention hashtag\" rel=\"tag\">#security<\/a> <a href=\"https:\/\/infosec.exchange\/tags\/bugbounty\" class=\"mention hashtag\" rel=\"tag\">#bugbounty<\/a><\/p>","url":"https:\/\/infosec.exchange\/@adulau\/114700426028442099","status_net":{"notice_id":null},"tags":[{"objectType":"http:\/\/activityschema.org\/object\/hashtag","displayName":"bugbounty"},{"objectType":"http:\/\/activityschema.org\/object\/hashtag","displayName":"security"}]},"to":[{"objectType":"http:\/\/activitystrea.ms\/schema\/1.0\/collection","id":"http:\/\/activityschema.org\/collection\/public"}],"status_net":{"conversation":"tag:gnusocial.jp,2025-06-17:objectType=thread:nonce=203d3385ed792c0c","notice_info":{"local_id":"10235391","source":"ActivityPub"}},"published":"2025-06-17T20:18:34+00:00","provider":{"objectType":"service","displayName":"GNU social JP","url":"https:\/\/gnusocial.jp\/"},"verb":"post","url":"https:\/\/infosec.exchange\/@adulau\/114700426028442099"}],"links":[{"url":"https:\/\/gnusocial.jp\/conversation\/5216609","rel":"alternate","type":"text\/html"}]}