Potential stagnation of open issues on h1 bounty program #654

Closed
@phra

Hello,

I've recently opened a few issues on the 3rd party modules h1 bounty program and I'm noticing a bit of delay in responses from the team, e.g. a bug that was fixed two months ago after I contacted the developer myself is still in triaged status without any response but h1 staff ones.

I understand the amount of effort involved in managing the program itself, but leaving open issues for a long time without any interaction can damage the whole initiative, especially when the only party not actively participating in the resolution is the program managers themselves.

Do you have any thoughts on how we can improve the bug hunters' experience by providing a smoother resolution and achieving more prompt reactions?

I may have a couple of suggestions already, which are:

  1. predefining a standard flow/timeline that the staff can follow in order to contact the maintainer for a fix and/or disclosure of (un)patched issues in a reasonable amount of time (like Google Project Zero)
  2. increasing the number of people actively collaborating on the bounty program

I will be happy to hear from you what your thoughts are on this particular topic.

PS: I can eventually be available to help with the program in my spare time.

EDIT: regarding 1., I noticed that a process is already defined here.
