Currently, researchers complain that many of their reports never get seen. To address this issue, we're thinking of publishing pending and unfixed reports after a set amount of time and after giving the maintainer fair warning on a public channel.
Clarification:
As long as disclosures / fixes don't get validated by the maintainer, they won't get paid or receive a CVE. This initiative only affects visibility and nothing else.