[HenryKissinger]

They need to mltiply these amounts by 50x. Cybersec researchers make 6-7 figures. 20k is almost nothing.

[H8crilA]

Not sure why you're downvoted, but the $3M/year total rewards payoff is likely smaller than the corporate administrative and developer time (for review) costs. I.e. if this was a charity it would pay out less than 50 cents on the dollar.

[tptacek]

I downvoted because "cybersec researchers" do not in fact routinely make 7 figures. For strong pentester types reporting the typical (real) vulnerability the VRP handles, the median is probably in the low 6's.

[na85]

6 figures from breaking systems and reporting them responsibly?

Sounds amazing, what's the catch?

[tptacek]

There's no catch. You want a job as a pentester. That job is in high demand.

[kasey_junk]

Frankly low 6 figures sounds low for a software job. How do you attract talent at that level?

[tptacek]

The median bounty hunter isn't an SFBA software developer.

[fooker]

Not everyone can move from wherever they are to the Bay area though.