upvote
Ok? I agree with everything. What does that have to do with reporting exploits that don't have bounties?
reply
I don't think you thought this through.

does this also apply to individual developers?

should Linux Torvalds or the ffmpeg developers go to jail if they merge a RCE zero-day into the Linux kernel or into ffmpeg?

reply
gross negligence / honest mistake

if you cannot differentiate the 2, :insert rude thing here:

reply
ok, so you agree that if Linus merges code due to gross negligence, for example he was warned in an email that it contains a RCE and he laughs it off, and still merges it, he should go to jail

glad you are consistent in your beliefs

reply