Poking holes in Google tech bagged bug hunters $10M

Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. The web goliath's 2023 total represents a slight dip compared to the $12 million in bounties it paid the previous year. Hopefully this means more-secure products — not more researchers turning to the dark side and making money …

  1. Dinanziame
    Angel

    That's still good, I guess? I think we can forget the notion of companies designing secure from the start — good luck with that — so bug bounties are at least a way to find new vulnerabilities, and to give some cash to third-party white hats. They could get better results by raising the bounties, but...

    1. Version 1.0
      Unhappy

      Researchers will make a lot more money if they block all the malware ... but could then create some malware under the desk for the next set of events and a higher profit - I'm not saying that this is happening but I'm not confident that it doesn't happen. Looking at all the malware issues these days I wonder if malware creation is now an AI feature too?

      The environment these days is that we are working hard 100% to detect and block malware but we're seeing more malware all the time ... we need to change the computing and data storage concepts completely.

  2. Mike 137

    Alternatively

    In one year: Google --> "$10 million to 632 bug hunters"; Microsoft --> "$13.8 million to 345 researchers". So that's $15.8k each at Goo, $40k each at M$.

    They could with that expenditure have easily paid the salaries of a sufficient number of in-house staff doing debugging, considering that in-house staff wouldn't be paid on the same notional "one bug each" model. However, farming out quality control seems to be the norm now, apparently regardless of cost effectiveness -- yet another example of how IT and common sense continue to diverge.

    1. Dinanziame
      Angel

      Re: Alternatively

      They already have people paid to do debugging, who are simply not finding those bugs — what's their incentive?

      On the other hand, paying your own employees by bug fixed is an excellent way to have a lot of bugs in your software: "I'm going to code myself a minivan this afternoon!"
