Does this count as a bounty? I'm new.

This page summarizes the projects mentioned and recommended in the original post on

Our great sponsors
  • Appwrite - The Open Source Firebase alternative introduces iOS support
  • SonarQube - Static code analysis for 29 languages.
  • Scout APM - Less time debugging, more time building

    Static website for security.txt.

    Vulnerability Disclosure Programs (VDP): this is where a company offers (partial) Safe Harbor for you to responsibly and securely disclose a security issue you found. This is part of ISO/IEC 29147. Instead or in addition to this, a company might implement RFC 9119 (see:, or a security.txt file with details on how to contact security.. This is where the company wasn't asking you to poke around, but they still want to be available and know about the problem. VDP submissions rarely pay anything out.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts