Let's standardize the payments for bug bounties
Posted by: Timothy Weaver on 12/26/2013 04:40 PM
A standardized payment for bug bounties is being proposed. Stefan Frei, research director at NSS Labs, has put out a manifesto suggesting that bug bounties be set at $150k per exploit found.
"It is time to examine the economics of depriving cyber criminals’ access to new vulnerabilities through the systematic purchase of all vulnerabilities discovered at or above black market prices," Frei argues. "Security depends largely on ethical researchers reporting vulnerabilities under the practices of coordinated disclosure. Meanwhile, the black market is expanding rapidly and offering large rewards for the same information. Traditional approaches based on 'more of the same' cannot deliver better overall security."
You might be surprised to know that governments are the biggest buyer of vulnerabilities. But then again, maybe not.