Bug Bounty Hunters Weigh In On Google's Vulnerability Reporting Program
An anonymous reader writes "InfoWorld reached out to three security researchers who participate in Google's vulnerability reporting program, through which the company now offers as much as $20,000 for bug reports. They provided some insightful perspectives on what Google (and other companies, such as Mozilla) are doing right in paying bounties on bugs, as well as where there's some room for improvement."
In theory, theory always works. In practice it often doesn't. It's worse if you start off with a completely off-base theory. If you have 10,000 black hats, it takes 1 white hat to squash the bug. If you have 1,000,000,000 black hat hackers it takes ... wait for it ... 1 white hat to squash the bug. In the prisoner's dilemma there is no "good guy". It's a completely different scenario.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun