For those interested by this problem and want to subscribe (form of voting) to add your voice, see: https://bugs.launchpad.net/sna...

Your printer example is wrong. Under Linux, it is easy. You should take scanners as an example instead, because there are no GUI for adding a Scanner manually if it is not detected automatically.

I wonder what RedHat and Canonical use within their organization for email and calendar software.

Why would the have hardware problems? They purchased hardware meant for Windows machines? Couldn't they purchase hardware from Dell or System76? Do they try to install Mac OS X on Asus laptops? Why then they try to install Linux on Windows hardware? Stick to vendors that provide support for your OS, and you will have less problems. That is why Macs are considered good; nobody really tries to set Mac OS X on a Windows machine.

The good news is that all of this is voluntary. If you don't like the program or the rewards, there is no obligation to participate.

It should be noted that the reward from Google is on top of whatever the company in question may pay. Companies that develop Android apps can start their own programs with their own bounties. Google's program comes on top of that.

As a hacker, the more you submit valid vulnerability reports on HackerOne, the more skilled you will become and the higher your reputations score will go. This in turn will allow you to make money on many other programs.

It's not easy to become a top whitehat hacker, but if you do, the rewards are significant.

Here is how HackerOne celebrated the $500,000 milestone for a hacker: https://www.hackerone.com/blog/mlitchfield-Earned-500000-on-HackerOne

(Sorry for first posting this as Anonymous Coward. I had forgotten to sign in.)

This is an interesting question. We don't really know what will happen long term. One possibility, as you point out, is that black markets will always outpay any other market. Another possibility is that the ethical hacker community will become so large and strong that they will find all those same vulnerabilities and deliver them to the system owners before the black market gets to build exploits and use them for nefarious purposes. It takes just one ethical hacker who finds a critical 0day to deliver it to a service like HackerOne, and the market for that vuln is over. Although asymmetry is usually in the favor of the criminal actor, in this case it is in the favor of ethical behavior. One ethical hacker can put an end to the sale of a 0day on the black market.

What I find interesting is that a regular newspaper will write about this despite it being a highly technical topic. The readers of New York Post are regular citizens. This shows that software security and the hunt for bugs are becoming important enough to be presented to the broader public.

Given the ease of submission and speed of payment, a bug bounty can be very well worth it. On HackerOne, there is a hacker who made over $600,000 in two years with most of the individual bounties well under $10k.

Troll... But I'll bite and answer. You can say the same thing about schools going for tablets (Android & iPad) and Chromebooks. Also, there are some institutions, mainly gouvernemental institutions in Europe switching massively to LibreOffice and Linux... Ok, the story is about the USA, but it does show that the market could change. Beside, I expect someone to be able to adapt to a new OS and tool suite quiet easily. Even with a FOSS background, these kids will easily be able to adapt to any job requiring Windows and MS Office.