Re: @John Smith 19
"Pay us or we'll steal from you/your customers? What is the difference between that an extorsion?"
I guess you didn't read the rest of what I wrote.
"This is a Board level issue. Someone saves you a $m+ hit from a hack a script kiddie could mount at any time and you want to hand them a f**king tee shirt? How about $100k instead?"
The implied but not stated point of that paragraph was twofold.
1) If a major part of the value your business adds to it's products or services comes from your in- house software that development process (including bug handling) should have Board level representation.
2)The reward should be proportional to the potential damage. Some would say 10% is not generous. But it depends how bad is the software your company writes.
Keep in mind time is usually a factor with these things. You seem to be thinking that the first finder who reports to the company is a) The 1st finder ever and b)They will be the only finder.
Both of these assumptions are naive.