Is $50,000 for a Vulnerability Too Much?

February 4, 2021

Zoom recently increased its maximum payout for vulnerabilities to $50,000 as part of its crowdsourced security program. Such a lofty figure makes great headlines, attracts new talent in search of the big bucks, and raises the question — how much is a vulnerability worth?

I found several bugs in Zoom’s products several years back, when its crowdsourced security program was a fledgling enterprise. Three of them were found by others before me — what we call a “duplicate” in crowdsourced security — meaning you get no reward for your time or effort even though it’s a valid bug.

