Why bug bounties aren't a cure for broken software

LinuxSecurity.com: Microsoft joins other vendors in rewarding those who privately report software vulnerabilities — but that may not reduce customer risk