
What if there were a $1M bounty per new security bug?

2 points | geophile | 12 years ago | reply

Suppose there were a $1M bounty paid for each new security bug found in certain pieces of critical open source software? I'm thinking of packages like OpenSSL (obviously), glibc, etc. I think that an incentive of this sort would motivate not only individuals to find and report bugs, but also the development of new tools (and use of existing tools) to accelerate the search.

A coalition of the major tech companies could easily fund a few thousand of these bounties, and we would quickly get a much more secure internet.

3 comments

Shalle | 12 years ago | reply
Where would these freeware/open source projects get several millions from to pay as bounties...
geophile | 12 years ago | reply
Read the last sentence: The bounty would be paid by major tech companies, who, after all, benefit greatly from this software, and are getting screwed by the holes. Google, Yahoo, Amazon, for example.
sp332 | 12 years ago | reply
A few thousand million-dollar bounties? I don't really think it's worth billions of dollars to those companies.