Microsoft joined a host of Web companies — including Google, Facebook, and Mozilla — to offer cash rewards to security bug finders. Microsoft’s grand prize of $100,000 — far bigger than that offered by any other vendor — is incentive enough for low- and midlevel criminals to deliver their discovered bugs directly to Microsoft. The biggest problem with bug bounty programs is that you never know which security bugs will “go big” Very few security bugs, no matter how severe, end up exploiting millions of customers.”]
Source: https://www.csoonline.com/article/2611384/why-bug-bounties-aren-t-a-cure-for-broken-software.html