At the beginning of the year, the EU announced a massive bug bounty program with nearly US$1M in rewards.
They were quickly hit with a backlash because of a lack of resources to help open source project maintainers. This post explains some of the other, darker issues around bounty programs, and shows that it isn't just about finding the bugs but about following up and fixing them too.