there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else
I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.
Hell, I don’t submit help requests without a confident understanding of what’s wrong.
Hi Amazon. My cart, ID xyz123, failed to check out. Your browser javascript seems to be throwing an error on line 173 of “null is not an object”. I think this is because the variable is overwritten in line 124, but only when the number of items AND the total cart price are prime.
Generally, by the time I have my full support request, I have either solved my problem or solved theirs.
this would probably just lead to the corporation taking more and more of a role until thet take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
Surely Google has the resources to fix the bugs themselves. Most FOSS projects probably appreciate code contributions more than money.
there are some teams in companies like this where management doesn’t want to account for upstreaming and some engineers are happy to open a bug report, move the ticket to blocked, and move on to something else
I can’t say I’ve ever sent a security related bug report without at least some work done trying to understand how to fix it. Surely the caliber of people working for Project Zero can do that too, otherwise hi Google I’ll take one job please.
Hell, I don’t submit help requests without a confident understanding of what’s wrong.
Generally, by the time I have my full support request, I have either solved my problem or solved theirs.
this would probably just lead to the corporation taking more and more of a role until thet take over development of the FOSS projects they care about, which is a particular nightmare I would prefer to avoid
was upset enough when Microsoft bought Github