Bounties can be effective when the tasks are vetted by maintainers themselves, and when they fund well-scoped, finite tasks that are specialized or otherwise difficult to attract talent for, such as design work or database migration. For example, security bounties tend to work well because they tap into a wider pool of developers with specialized skills, encouraging them to tackle a one-off task that a project’s maintainers might not otherwise accomplish on their own. For security-related issues, it’s actually better when the participating developers aren’t already familiar with the codebase,

