Companies like Groupon face a higher risk from dissatisfied (or the dumb ones exposed to phishing/social engineering) employees leaking information than from external exploits, so they are screwed anyway if white hats/employees start acting in bad faith. They are counting on the good faith of the majority of the players and the possibility of punishment via law enforcement to save them.
Obviously you would lose the best experts who will spend the time and have the expertise to find the most obscure vulnerabilities. If those researchers were not interested at all in the program (too small a bounty for the effort, Groupon's track record, etc.), then Groupon loses nothing by having stingy payment policies.
If I commit a crime and the evidence is in a Hilton hotel room in the UK nobody expects Hilton
Everybody, however, expects U.S. police to go to the U.K. police and courts, who will check if it was a crime in the U.K. in the first place and then ask the U.K. Hilton to hand over the data, aka due process.
If tracking cash transactions were as easy as you make them out to be, every illegal laundering from drugs to arms would have been long shut down.
A unique serial number is not personally identifiable by itself. Cash is far more anonymous than bitcoin. Yes, people can theoretically track it; with bitcoin EVERY transaction is by definition recorded. With cash some transactions may be recorded; retailers do not necessarily record the serial number of every bill of each transaction. While that is certainly possible, it is still not commonplace. Even if all were tracked in the U.S., there are still plenty of holes in your graph, making it difficult to ever get anywhere near the full picture, primarily due to the nature of U.S. currency. Plenty of people in the world use $ as their medium of exchange, people over whom the feds have very little control and whom they can do little to track either.
This is BS; cryptocurrency has very little to do with transaction privacy or central control.
If you are worried about privacy of transactions, then use cash!
If you want to use anything that has no value on its own as money, be it paper (cash), plastic, or hashes, as a store of value, then you will have to trust someone to enforce it. Otherwise you are going to have volatility, and people losing money in scams; just look at the ones happening in bitcoin.
I am broke / I have only this much cash / I cannot afford it despite your "attractive" financing / My wife/girlfriend/partner won't allow me to..
2. They process your transaction and run the payment gateway that interacts with dozens of banks in 100+ countries. They process transactions to the developers as well.
3. Pay their transaction fees to banks and VISA/MC
4. Develop and maintain the SDK, IDE, etc. that help the developers build the app in the first place
5. Keep your personal credit card info safe (then again, perhaps not)
6. You may use your data plan, but Apple still has to host the files on their servers; considering the number of free apps downloaded, the deployment costs are certainly non-trivial
7. Most importantly, ensure a significant user base is there for the developer to sell to, through marketing strategies like cross-subsidy (sell you a cheap phone and recoup in app purchases)
All this of course does not mean they have to charge a 30% margin, but certainly the cost is not trivial.
Very rarely does the number of people directly employed make the difference. If Microsoft is spending $1 billion in the state, it will probably source a significant % of components locally (usually part of any tax break agreement). That will generate a lot of business for the local economy; the vendors will in turn be ordering components, magnifying the effect on the economy, and the state tax on all these other transactions will perhaps offset the breaks given to Microsoft.
On the other hand, paying 84 people for 6 years will do very little for the economy by itself.
Different people are motivated by different things: security, money, street cred, or just fun. The reporter is under no ethical, legal or moral obligation to disclose to anyone in any manner; he is not the manufacturer, and it is not his fault the bug is there or his responsibility; he did not build software/service using the buggy software that people paid for.
Preferential disclosure, done whichever way, is bad. The chances of black hats getting hold of it become higher if *some* special people know of it before others; what guarantee is there that some dissatisfied employee won't leak it? What makes Google or Red Hat more special than the average Joe running his applications on top of OpenSSL with potentially compromised keys?
Responsible disclosure has to be fully public; it ensures the manufacturers fix it faster. There are vendors who fix zero-days only if they get public exposure. Just look at the way Oracle fixes Java zero-days.