its a lot money to most people.

Of course, but it might be worth $100-200k if sold to a third party.

Edit: looks like I was wrong!

No, it would be worth much less than $10,000 to anyone else.

There is a specific kind of bug that is worth 6 figures on the black market: clientside remote code execution. Somehow, HN has gotten the impression that the going rate for the hardest bugs in the world to reliably weaponize is actually the going rate for all bugs everywhere.

So you're saying client-side remote code execution bugs are the hardest to reliably weaponize? Do I understand correctly? I figured those bugs would be the easiest to weaponize.

We mean different things, and it's me being imprecise. Substitute "generate" for "weaponize".