The TSC maintains a Linux Foundation Crowdfunding account to accept the project's share of bug bounties paid out by the Hackerone bug bounty program.
The funds are to be used to encourage contributions to the project with respect to security and in particular the handling of vulnerabilities.
This document outlines the use this account.
The account is associated with and Linux Foundation Crowdfunding account. The user id and password are shared with TSC members through 1password.
Potential disbursements will be agreed through TSC discussion and before approval, documented in an issue in the TSC repository. The disbursement is considered approved once TSC consensus in the issue has been reached.
Once a disbursement has been approved the recipient will open a request through the LFX account in the amout approved.
The Chair of the Technical Steering committee will then "push the required buttons" in the LFX account to initiate the payout in accordance with the agreement reached in the TSC issue and if possible including a reference to the issue in the TSC repository.