@addison That’s approximately the same reason why the Mozilla bug bounty program doesn’t require exploits as part of the report. Source line and explanation is enough. We font want to incentivize people learning how to attack Firefox users. Sure, a PoC helps during QA, but we don’t need a working exploit. We just want to fix the bug :)
=> More informations about this toot | View the thread | More toots from freddy@security.plumbing
=> View addison@nothing-ever.works profile
text/geminiThis content has been proxied by September (3851b).