You want your vulnerabilities traded in underground forums?
Because that's how you make sure your vulnerabilities are not disclosed to you, but traded in underground forums.
Adobe has launched a bug bounty program that hands out high-fives, not cash. The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security …
That makes perfect sense to you and I because we understand the basic mechanism of competition. Unfortunately, Adobe has never heard of it. Perhaps they will soon.
They can work if the level of prestige is high enough. Donald Knuth stopped handing out bug report cheques a few years ago because of fraud but no one ever cashed them - far better to frame it and hang it on the wall.
Which was in fact the problem - too many scanned images of the cheques online, complete with valid bank details, which is why he had to stop it.
However, that's a personal reward from a world renowned expert whose prestige is inflated on that basis. This is another utterly pointless metric to go along with your Facebook friends, Wikipedia edit count, Stack Overflow rep, Yahoo Answers points and so on almost ad infinitum. All of them essentially boil down to how much time you are willing to waste on something for no gain instead of any actual skill.
"This is another utterly pointless metric to go along with your Facebook friends, Wikipedia edit count, Stack Overflow rep, Yahoo Answers points and so on almost ad infinitum."
You missed out El Reg Bronze\Silver\Gold badges.
"...a real cost of zero"
1. Apparently not. I'm guessing that people that are paying to use their online services are getting hacked and asking for retribution. That is really just a guess, I have 0 proof of this, but it seems possible (or probable given it's Adobe).
2. You've been getting "Flash" free for years...at zero cost?
Instead of wasting money rewarding the monkeysresearchers for their work, they offer instead a virtual badge that will give the researchers as much true social recognition as farting aloud in crowded rooms.
Adobe's CEO (to himself): "I can envision thousands of hackers queuing at Adobe's HQ. For the first time in history, Adobe's products will be bug free!!!. A new age is coming for Adobe!!!"
And then he run out of bath salts.