@thisismissem@hachyderm.io ah understood. I didn't quite get how the fund worked, but it makes more sense now (and is much simpler—organizationally—for Nivenly!)
I don't think we'll add exclusions for security fund recipients.
I would say, though, that one of the requirements has to be that the affected software accepts the vulnerability. Plenty of self-proclaimed "security researchers" have filed reports, and some go as far as to publish CVEs (against our own software!) without our permission.
Quite the opposite of responsible disclosure.