securesaml 6 days ago
Google has a program where you can submit patches to OSS projects (including libxslt): https://bughunters.google.com/about/rules/open-source/492808...

The patches need to fix a systemic design flaw (which seems like you are trying to do). You are eligible even if you are a contributor:

> Q: I'm a core developer working on one of the in-scope projects. Do my own patches qualify?
> A: They most certainly do.

Additionally, GitHub has: https://resources.github.com/github-secure-open-source-fund/

Companies have changed after seeing the log4j incident and are open to funding open source security (but we still need more).
nwellnhof 5 days ago
I'm aware of the Patch Rewards program. The problem is that you have to complete the work first and then hope that you'll be rewarded. They also had a Security Subsidies program with upfront payments, but this was discontinued in December 2024. GitHub's program is restricted to GitHub repos, making it useless for many projects.