Bug Bounty

 
steward & author
What if big websites could give bounties to bug finders?  

If you find a bug and report how to reproduce it in a way, they give you $20.  If it's a serious flaw in the foundation of the site or a big security issue, they give you $200.

Considering how many bugs I've found in big websites this week, and how many IT people said "huh.  um.  Oh.  That's actually a real bug.  um... I gotta wake up the manager right now.  Bye." I think I'm on to something.  

 
r ransom
steward & author
Along the same lines, I once had a guy pay me $20 to use the computer at his work because he was having a bad day.  I told him of my bad luck with computers.  He said he needed the afternoon off.
I pressed the space bar and the entire system nationwide went down at that moment.  I don't know why or how, but I got to keep the money and the guy went home early.
 
My experience with web development is that it is mostly a case of "it works, not sure why" now. Adding "features" is so easy that people forget it also adds bugs.
There are so many bugs around that only those that make a website totally unusable for anyone can be fixed.
 
r ransom
steward & author
The problem is, we are entering an age where the customer has so many choices that they won't spend money on a buggy website.  It destroys trust.  

I suspect the companies that will do best moving forward are the ones who care about the little bugs because it will make the customer feel safe that there aren't big bugs waiting to jump out and gobble up their personal data/money/time.  
 
gardener
I have seen where some companies hire people to try to hack into their systems and find those kinds of bugs. I've seen where some companies sell an item at a low, mistaken price for bringing it to their attention. It would be nice if companies did what you suggest for any bugs. Small businesses might go for it, but I imagine it would get lost in the shuffle of management layers in larger corporations.
 
pollinator
While it wouldn't hurt, some bugs are not worth that, and on the other end, what if 50 or 100 people or more report the problem before it can be fixed or taken down?  I think things have gotten bad enough companies couldn't afford to pay for all of it.  I first started seeing stack overflow and buffer overrun exploits in college in the late 80's.  They still happen today.  Why?  Because fixing them isn't that simple because of how long and complex the code has gotten.  

The other problem is a reporting method.  I had one I wanted to report last night and there was no way to reach them other than order line phone.  They were doing a customer preference survey, only whoever coded the survey forgot to add the pictures for the color codes.  So I had 8 options to choose from and no way to know what they meant.  So I simply clicked on blue2.  I did try and phone since it cost me nothing.  After an hour and a half on hold music they just hung up on me.  Guessing they get too many problem people to filter them off easily and it is easier simply to block everyone.  
 
r ransom
steward & author
There would have to be a system in place where a bug finder can register and go through training for that specific company.  So maybe a third-party bug hunter company could set something up to manage the finders, and the companies can register and pay a percentage.  The hunter company would manage the staff and training, a bit like the dictation sites work.

Then there would be a system in place for proper reporting.  And a system in place to decide who gets the cash.  

A lot of the problem with bugs is the Frankenstein nature of software development.  That's what really bugged me when I was learning to program: it was okay to take a broken thing and build on it without fixing the brokenness.  Or you take a more complicated system and try to build it on a less complicated foundation (8-bit foundation, with 16-bit accessories - the math often adds up, until it doesn't).  It's as if people are too afraid to question the basic foundations of the program because it mostly isn't broken, so why fix it when there are so many fun new features to make?
 