All tech companies with excess cash should offer these types of bounties and responsibly disclose the security vulnerabilities so that they can be fixed.<p>I think governments (including states) should also offer these bounties for their own systems. Nothing too outlandish because it's costing taxpayers, but at least make it worth researchers time and ensure that the proper disclosure methods are in place. They should also make it clear that any security vulnerabilities that are properly disclosed will not be prosecuted for "hacking their systems".