But that's would be counter to their interests. They want to hire this kid when he graduates. If they paid 10x their current bounty rates they'd have paid over $400,000 to him in the last couple of years of his free time. That's a great way to never be able to hire him.

> That's a great way to never be able to hire him.

Why's that? It's not retirement money. 400k (salary+stock) is one year of compensation for some Google engineers.

Dude has cashed out a $10k and $30k bug bounty at the age of 18. Either he's lucky or he's very good. If he's the latter that $400k turns into an annual bounty.

And very, very few Google engineers make that kind of money.

> And very, very few Google engineers make that kind of money.

You'd be surprised. In Mountain View, everyone level 6 or above makes at least that amount, and most level 5s probably do as well. I'd guess that probably 20% of engineers are T5 or above, which is a ton of people when you multiply by tens of thousands of engineers.

Very few as a ratio. There aren't that many T6's and I'm not sold on the idea that "most" T5's are making $400,000 when the average is around $350,000 according to levels.fyi.

I suspect the bug bounties are much more about deterring the sale of exploits to bad actors than about recruiting employees.

It's both. You could do the former by throwing huge sums of money at the problem.

What's your definition of huge?