by zeroCalories 701 days ago
You're both missing the point. Consider this: you're a big tech engineer, would you risk your career and many years in jail for 75k? Of course not. How about 5 million? Maybe you would... Big tech already has a massive problem with insider threats; they don't need to offer some of the most clever programmers in the world (their employees) a massive incentive to screw them over.

The point you are missing is that many of us do not have big tech careers. I am very fortunate to have a big tech career, but before I was hit by a stroke of luck, I was doing gig work paycheck to paycheck barely making ends meet. When you can’t see more than two weeks ahead in time, which you cannot do living paycheck to paycheck, you don’t think about the long-term consequences because you are not capable of it. The incentive structure is too strong to sell zero days to any external party for those who have nothing to do all day but try to find exploits.

I think GP is suggesting an insider could introduce a bug, have a confederate "find" it, and split the money. At $5m I think more than a few big tech employees might decide to write themselves a new minivan.

I think you'd have a tough time deliberately putting something like that in at a large company. The cost of failure is losing a very good job.

If you discovered a vulnerability and sat on it for a future payout that would be more likely, yet still risky.

Though it does come down to choosing to do crimes in the face of incentives and disincentives. Nothing unique here - humans break the rules all the time.

It's trivial for a motivated engineer to deliberately introduce bugs; most couldn't avoid it if they tried. It wouldn't be too hard to pass it off as an honest mistake either. You might not even lose your job, as a lot of places have a "blameless culture".