always_learning

I've very interested in writing a python wrapper for an open source scala project. However, there doesnt seem to be much documentation on the process online. Does anyone have any information they could please share?

Who owns software vulnerabilities?

The hacker who discovered the vulnerability, the company who owns the code/hardware, or if its open source then the maintainers?

Is this written in law anywhere?

Saw a similar post on reddit but it didn't have many responses. I'm also very interested in the subject.

Considering one already has experience in security. E.g. Bachelors/Masters level courses, practical bug bounties, CTF and can use metasploit. These all teach the users how to use tools, or to find pre-existing/known attacks and vulnerabilities.

How does one jump from this to finding new/undiscovered vulnerabilities in applications, operating systems that could be made into actual CVEs?

Does anyone have experience in this?

For example, how do those in Google Project Zero perform such finds?

Thanks.