Joshua Rogers on his bug bounty experiences in 2025.
Positive for #curl, kafka-esque for all others mentioned. ‚BugCrowd‘ seems to a typical level-1 support company living on denials.
(Joshua also reported on Apache and pbly other projects where he could talk to the maintainers. I take #curl here as an example for FOSS projects interested in actually securing things.)
