Judge Adams issued a statement asserting that his daughter released the tape to retaliate against him for withdrawing his financial support.
Oh, so he abuses his children and then also doesn't support them financially, sounds like a real winner!
Your observation, that a bug hunt will reveal lots of inconsequential bugs, but the few significant ones make it worthwhile -- well, that's entirely the expected result, surely?
Well, I could make some argument about whether it's generally worthwhile even for a few significant bugs... if they are significant, it's likely they would be found and reported in short order regardless of a bounty. And especially if there's a backlog of bugs, I'd say those should take priority over finding new bugs that haven't actually bothered anyone yet.
The security aspect is different though, because those are bugs that have a motivation to go unreported. And there's the 'papercut' type, where small annoyances go unreported. I'd consider it an good question whether bounties are more effective than simply paying an expert (or several) the same amount up-front to comb through things. The old crowd-source vs. out-source argument I guess.
I think the point he's getting at is that a lot of the bugs are not the ones that would trouble users (i.e. they only appear "in the lab"). So although it's still good to fix them, they are low priority.
The farming analogy is bad because it implies people are creating these bugs just to turn them in, which as everyone is pointing out, doesn't make sense and would reflect poorly on the buggy developer, so it would be self-limiting. Instead, I propose he should have said "imported" rats instead of "farmed" rats: instead of killing the rats in the city (the "high priority" ones), people are going out into the country and killing rats that weren't really bothering anyone. Eventually they or their descendants might make it to the city and cause a problem, so we're certainly not sad to see them go (environmental concerns breaking the analogy here
I could have sworn there was an article/blog post a little while back with statistics from a bug bounty program where most of the bugs were relatively trivial (found by automated methods, style consistency, etc.) or else quite obscure, with only a couple 'interesting' ones. But all I can find is this slashdot article, which I don't think is the one I'm thinking of. But I remember the author's summary was also that he still appreciated the peace-of-mind that others had looked through his code and that was all they had come up with, so still a net positive.
I was playing poker the other night... with Tarot cards. I got a full house and 4 people died. -- Steven Wright