Bug bounty programs are interesting. I wonder if it wouldn't be a good use of tax payer dollars to pay people at the nsa or similar organization with computer security responsibilities to churn away at these programs. As in "spend one month a year doing big bounty programs, collect your normal salary, keep whatever you earn" ...