With the contributions of the rest of the Gallery team I put together Gallery's first every "bounty" plan. We're not the first Open Source project to do this, but it's still not as common as it could be. The basic idea is that we get a lot of donations from our users and a lot of money from advertising on our website, but don't have a lot of expenses. We have to pay for server hosting (We rock ~2Mb/s outgoing traffic 24/7) and an annual developer conference (this year will be our third!), but thats about it! For Gallery 2, we started paying security companies to do security reviews of each major Gallery 2 release, and a security company is currently doing the first and only paid review of Gallery 1, but there is still money left over. So to help the project continue to grow (and spend this money) we're now paying anyone on the Internet that submits a valid security report or implements to our satisfaction one of the top 10 features (as voted on by our users) in our list of open feature requests and bugs. So what are you waiting for? A security report that requires us to release an immediate fix is worth $1000! You can read all the details in the Gallery bounty program announcement.