A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser.
Zerodium’s payouts fall off from there. But even if someone simply demonstrates a RCE flaw without local privilege escalation in either Tails Linux or Windows, they can still hope to collect a reward of $75,000.
So what’s the reasoning behind this bug bounty push? Zerodium https://www.grahamcluley.com/million-dollar-tor-zero-day/