Ok? I agree with everything. What does that have to do with reporting exploits that don't have bounties?