The Internet Bug Bounty awards security research into libssh. If your vulnerability meets the eligibility criteria, you can submit the post-fix information to the IBB for payout. As the IBB supports the whole vulnerability lifecycle and open source efforts, these bounty awards are awarded as an 80/20 split, where 80% will go to you, the finder, and 20% will be given to the Software Freedom Conservancy on behalf of libssh to continue to support open source software efforts.
To submit eligible vulnerabilities for a payout go to https://hackerone.com/ibb for submission instructions.
The project maintainers have final decision on which issues constitute security vulnerabilities. The IBB team will respect their decision, and we ask that you do as well.