Bounties: What to do with a high impact Drupal vulnerability?