

What if there were a $1M bounty per new security bug? - geophile

Suppose there were a $1M bounty paid for each new security bug found in certain pieces of critical open source software. I'm thinking of packages like OpenSSL (obviously), glibc, etc. I think that an incentive of this sort would motivate not only individuals to find and report bugs, but also the development of new tools (and use of existing tools) to accelerate the search.

A coalition of the major tech companies could easily fund a few thousand of these bounties, and we would quickly get a much more secure internet.
======
Shalle
Where would these freeware/open source projects get several millions from to
pay as bounties...

~~~
geophile
Read the last sentence: The bounty would be paid by major tech companies, who,
after all, benefit greatly from this software, and are getting screwed by the
holes. Google, Yahoo, Amazon, for example.

------
sp332
A few thousand million-dollar bounties? I don't really think it's worth
billions of dollars to those companies.

