Awards paid out to anyone that produces verified evidence.
When fixed, start the bounty again.
If hacks take 12 months, each year the bounty could build to values that would attract the best code breakers. It should become harder to break things after fixes.
You want to build up a $1m, or even $10m, bounty over time to make a statement over security.
It's been talked about for a really really really long time - nothing ever happens.....
That's why I keep bringing it up. Someone will eventually yield. And it won't be me.
They key question is, have I already found a hole and just want paying for it?