There is some distribution of effort/expertise at least:

When an individual researcher or an organization discovers a new bug in some product, a CVE program partner — there are currently a few hundred across 40 countries — is asked to assess the vulnerability report and assign a unique CVE identifier for the flaw if and as necessary.

https://www.theregister.com/2025/04/16/homeland_security_funding_for_cve/

Not on Firefox, some site functionality is disabled: https://medium.com/@leonardodna/the-ultimate-newbie-guide-for-self-signed-certificates-d81aa3b9987b

I know what you mean but using real self-signed certificates (i.e. no CA at all) with modern browsers causes so many issues I find them unusable.

I’ll mention this as no one has yet but you can be your own CA. Tools like mkcert make it easy

https://github.com/FiloSottile/mkcert

This is potentially more hassle (than using public DNS) as you have to get your CA certs onto every device. However it may be suitable depending on the situation.