What if there were a $1M bounty per new security bug?
2 points by geophile on April 13, 2014 | hide | past | favorite | 3 comments
Suppose there were a $1M bounty paid for each new security bug found in certain pieces of critical open source software? I'm thinking of packages like OpenSSL (obviously), glibc, etc. I think that an incentive of this sort would motivate not only individuals to find and report bugs, but also the development of new tools (and use of existing tools) to accelerate the search.

A coalition of the major tech companies could easily fund a few thousand of these bounties, and we would quickly get a much more secure internet.



Where would these freeware/open source projects get several millions from to pay as bounties...


Read the last sentence: The bounty would be paid by major tech companies, who, after all, benefit greatly from this software, and are getting screwed by the holes. Google, Yahoo, Amazon, for example.


A few thousand million-dollar bounties? I don't really think it's worth billions of dollars to those companies.

