

Snakeoil vs. bounties - tptacek
http://blog.erratasec.com/2013/12/snakeoil-vs-bounties.html#.UrSFCWRDuIo

======
tptacek
_A company that offers a $25k vulnerability bounty is trustworthy -- a company
offering a $25k prize for some weird challenge isn 't trustworthy at all._

I don't always agree with Robert Graham, but when he's right, he's dead to
rights right.

