I find it so brilliant that you have such good and transparently documented principles and processes, like the ones linked in the
bit-flipping attack vulnerability disclosure:
Responsible disclosure process.
Privacy policy.
It's just so ideal and exemplary.
I have never seen such good handling of security and privacy issues. To be good there, it's also significant to be simple and clear. And so few have the courage to be so. In my experience, for good reasons.
The vast majority of IT projects/companies either are non-transparent regarding security/privacy, or state that they have no policy or just store forever (like this forum project, see the answer to my request for a forum privacy policy statement here). Or, e.g., if you want to write a job application, I have never seen a PGP key offered for hopefully at least more secure transmission of the private data, or a simple transparent privacy policy regarding that private application data.
So: Many, many thanks to you for giving such good input to the IT world!
Regarding bug bounty: Maybe it would be a good motivation to give security researchers some monetary benefit from their work. What about a Bitcoin donation address for bug bounty?