there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else
this would probably just lead to the corporation taking more and more of a role until they take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.
Surely Google has the resources to fix the bugs themselves. Most FOSS projects probably appreciate code contributions more than money.
there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else
this would probably just lead to the corporation taking more and more of a role until they take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
was upset enough when Microsoft bought Github
I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.