To add to this, when reporting bugs (security or otherwise) I regularly feel like it's not worth my time to fix them because it takes me 2 hours to try to get the code to compile in the first place, sometimes you need to sign legalese to be allowed to help them, then I still need to figure out what the project's structure is and decide on how to best fix it (perhaps discuss it with the maintainer(s)), and then I haven't even started writing code yet. Meanwhile, I know that when maintaining my own software, it takes me 30 seconds to open up the project and I'll be literally 5 times faster working on a fix with all the context that is in my head and usually don't need to consult with others.
It's like if you kept trying to fix other people's cars when you know only the principles of a combustion engine, own an electric motorcycle yourself, and those cars would be very different from each other: I'd much rather someone does it who actually knows what they're doing, it would save all parties a lot of trouble. Diagnosing problems very specifically should already help them a lot of the time they would otherwise have to put in.
