[Cumpiler69]

>I suspect they aren't keen to encourage a bunch of random people to try and poke holes in their security with the expectation of a cash price

You can either reward your own citizens with large cash prizes, OR, you can reward Russia/China with your data since they'll gladly poke around for free.

This is being penny wise and pound foolish.

[master-lincoln]

Weird nationalistic view... I would reword this as rewarding criminal activity of any interested party

[alexvitkov]

Going off my SSH logs, it's more or less correct, statistically speaking.

[bell-cot]

Most humans (including, obviously, ethical hackers) have some motivations which are not financial. And politics and small-country financial reality almost certainly preclude outbidding China, Russia, & such for bugs.

[Cumpiler69]

>Most humans (including, obviously, ethical hackers) have some motivations which are not financial.

Most humans also need a full-time job to survive. If I wouldn't have to work a job to live, I would have more free time for good Samaritan pen-testing for the government if that would pay my bills instead.

In some socialist European countries, artists get subsidized by the state to create "art" instead of working. Why can't we do that with pen-testers? Sit around at home on UBI and look for zero-days in government infrastructure?

[bell-cot]

Sounds like the Dutch gov't prefers to employ folks who've gone through their hiring process. Their choice, and there are plenty of org's with more-generous bug bounty programs.

(BTW, maybe check on the origin of "Good Samaritan". His saintly disinterest in any sort of personal gain was the whole point of that story.)