undefined | Better HN

0 pointsarcticfox9y ago0 comments

But if the police want to incentivize you to find cocaine, how hard are you going to look for only $500?

In the sense that "Oh yeah, I just casually stumbled on an enormous exploit of security software" the bounty is a good deal. In the sense that "Should I look for holes in this thing? Is it worth my time?" it's absolutely not unless the person is interested in it academically or for reputation.

0 comments

Domenic_S9y ago

I see it more like gun buybacks -- "we're not going to ask too many questions, you already have this dangerous thing, give it to us and here's some cash."

In other words, I don't believe bug bounties incentivize people who would otherwise not already be looking, but it gives them a safe outlet and official validation that they can put on their resume/website/whatever.

j / k navigate · click thread line to collapse

0 pointsarcticfox9y ago0 comments

But if the police want to incentivize you to find cocaine, how hard are you going to look for only $500?

0 comments

Domenic_S9y ago

I see it more like gun buybacks -- "we're not going to ask too many questions, you already have this dangerous thing, give it to us and here's some cash."

j / k navigate · click thread line to collapse