Just to be be clear I'm not supporting the low value of the bounty.
My point is that there's more to it than just that. Aside from the subjective point 1 in my comment, I think points 2 and 3 are very objective and don't really depend on the pay of the bounty.
If they find the bug and try to sell it on the dark/grey market, you risk litigation. If they are smart they can derive more value from it than just the bounty, although the bounty being bigger would be nice and would encourage more white hat hackers to invest their time on these programs.
So google cheaps out on bounties because developers are clamoring to do free work for mega-adtech corp in hopes that the clout they get from it will pay out down the road.
That's the most dystopian thing I've heard in a while.
My point is that there's more to it than just that. Aside from the subjective point 1 in my comment, I think points 2 and 3 are very objective and don't really depend on the pay of the bounty.
If they find the bug and try to sell it on the dark/grey market, you risk litigation. If they are smart they can derive more value from it than just the bounty, although the bounty being bigger would be nice and would encourage more white hat hackers to invest their time on these programs.