"Coincidentally, the WontFix bug also turns out to be a WontPay bug: Google's Vulnerability Reward Program reviewed it and decided not to offer any reward."
That's just stingy, isn't it? Fair enough, going forward, once you've made it policy not to pay for ASLR escapes, but it's as mean as HP to refuse to cough up because you're retrospectively marking a mechanism as defunct.
Biting the hand that feeds IT
