[H8crilA]

Not sure why you're downvoted, but the $3M/year total rewards payoff is likely smaller than the corporate administrative and developer time (for review) costs. I.e. if this was a charity it would pay out less than 50 cents on the dollar.

[tptacek]

I downvoted because "cybersec researchers" do not in fact routinely make 7 figures. For strong pentester types reporting the typical (real) vulnerability the VRP handles, the median is probably in the low 6's.

[na85]

6 figures from breaking systems and reporting them responsibly?

Sounds amazing, what's the catch?

[tptacek]

There's no catch. You want a job as a pentester. That job is in high demand.

[kasey_junk]

Frankly low 6 figures sounds low for a software job. How do you attract talent at that level?

[tptacek]

The median bounty hunter isn't an SFBA software developer.

[kasey_junk]

Is it international arbitrage? Or something else cause low 6 figures is now the going rate all over the states.

*not trying to be argumentative just trying to price the market.