TO HELP shield their products from ransomware like the recent worldwide WannaCry attack, most big software-makers pay "bug bounties" to those who report vulnerabilities in their products that need to be patched. Payouts of up to $20,000 are common. Google's bounties reach $200,000, says Billy Rios, a former member of that firm's award panel. This may sound like good money for finding a programming oversight, but it is actually "ridiculously low" according to Chaouki Bekrar, boss of Zerodium, a firm in Washington, DC, that is a dealer in "exploits", as programs which take advantage of vulnerabilities are known.