[georgemcbay]

Finding issues in large complex projects is generally easier than smaller projects. More code, more bugs. But its still difficult to find serious issues on the level of a sandbox escape in Chromium just because Google's long-running reward system means lots of people have spent lots of time looking into it, both manually and using automated fuzzer tools.

Back in ye olden days of 2014 I randomly stumbled upon a Chrome issue (wasn't trying to find bugs, was just writing some JavaScript code and noticed a problem) and reported it to Google and they paid me $1,500. Not bad for like half an hour's work to report the issue.

https://issues.chromium.org/issues/40078754