SoylentNews is people
SoylentNews
Last week Apple made its belated entrance into the bug bounty market, announcing a top award of $200,000 for major flaws in iOS, but Cook & Co have been comprehensively outbid.
On Tuesday, exploit trading firm Exodus Intelligence said it is willing to pay $500,000 for a major flaw in iOS 9.3 and above – and the exploit to use it. Researchers can either take a lump sum or accept a smaller sum and quarterly payments until the exploit is found, which the company's founder told The Reg could add up to even more.
"The majority of our clients are defensive vendors, penetration testers, and red/blue teams," said Logan Brown, president of Exodus.
Apple exploits get the highest reward, reflective of their scarcity. Microsoft and Google's bug bounty programs will also need to up their rewards to match Exodus's prices.
[...] Security experts are worried that the hoarding of serious flaws will have a deleterious effect on overall security for everyone. Exodus attempted to reassure people on this front by beginning a vulnerability disclosure process back in February, but it only discloses after it has extracted the "maximum value for our customers."
(Score: 0) by Anonymous Coward on Friday August 12 2016, @05:36PM
If they actually pay up it's not a problem for people in cheaper countries. USD500,000 = 33,452,500 Indian rupees. 33.4 million rupees
Salary for Senior Software Engineer in India: http://www.payscale.com/research/IN/Job=Senior_Software_Engineer/Salary [payscale.com]
Let's say 1M rupees per year. So that's salary for 33 years. If you're not a total retard for finance stuff I'm sure you'd do fine even if you don't work for the rest of your life.
Cost of living: http://www.numbeo.com/cost-of-living/city_result.jsp?country=India&city=Hyderabad [numbeo.com]
You could work part time doing something else, or even look for another bug. Maybe you'll find another in 3 years, in which case you're really set for life (in India anyway). Or go find some bugs elsewhere: https://www.theguardian.com/world/2016/apr/02/meet-the-bughunters-the-hackers-in-india-protecting-your-facebook-profile [theguardian.com]
I don't live in India and USD500,000 is about 20-30 years salary too for IT people in my country. So if I had the skills (I don't) and these bunch actually pay up, it's pretty good.
BTW this is why many of your jobs are getting outsourced. We may not be as good as the top 20%, but 80% of you should be concerned: http://thenextweb.com/shareables/2013/01/16/verizon-finds-developer-outsourced-his-work-to-china-so-he-could-surf-reddit-and-watch-cat-videos/ [thenextweb.com]
Apparently Bob had the same scam going across multiple companies in the area (this part is a little unclear given that he clearly couldn’t physically go into work for all of them), earning “several hundred thousand dollars a year,” and only paying the Chinese consulting firm “about fifty grand annually.” At the unnamed company, he apparently received excellent performance reviews for the last several years in a row, even being hailed the best developer in the building: his code was clean, well-written, and submitted in a timely fashion.
We'd be competitive with the AIs and robots for a bit longer than you will be, so if your country is rich enough you should really look into that Basic Income thing.