QuicTLS will now pay for vulnerabilities reported (via HackerOne). We promise to share with OpenSSL and the major forks.
See https://github.com/quictls/quictls/blob/main/SECURITY.md for details. TL;DR, only HIGH vulnerabilities.
Please boost for reach.