Linus Torvalds once went on record saying security vulnerabilities are no more important than regular bugs.

This of course made vulnerability researchers seethe worse than aggrieved Redditors.

It turns out he was right all along.

The author also gets it wrong by assuming that regular bug reporters are not "providing a service". They are.

When I wrote up a bug report, I made sure it's thorough with detailed steps to reproduce. It takes a lot of time and I've done it professionally for projects you've absolutely heard of.

Having said that, getting them ignored repeatedly and — even worse — having my detailed PRs rejected, sometimes within minutes, as if I'm some ignorant luser is why I don't do it anymore. My time is more valuable than your hubris.

A lot of open source developers have their heads so far up their own asses they forgot that it takes a community for projects to be successful.