Right, but I think they're talking about a marketplace of friendly hackers that are motivated by big winnings if they successfully penetrate a system. As opposed to a security consultant who gets paid to test a company's security and write a report, regardless of the findings.
This does already exist, to a limited extent, as the security bug bounty programs that some companies have on public offer. For example, Amazon says they'll offer you $15,000 if you find a "critical" security bug in one of their services; Google offers up to $31,337 for discovering a remote code-execution bug. https://hackerone.com/bug-bounty-programs
This does already exist, to a limited extent, as the security bug bounty programs that some companies have on public offer. For example, Amazon says they'll offer you $15,000 if you find a "critical" security bug in one of their services; Google offers up to $31,337 for discovering a remote code-execution bug. https://hackerone.com/bug-bounty-programs