Chris Evans, a Google security engineer and a member of the IBB said that “IBB culture is to look mainly at whether a given discovery or piece of research helped make us all safer. Our aim is to motivate and incentives any high-impact work that leads to a safer internet for all”.



Evan said “IBB does not want or need details of unfixed vulnerabilities — that would violate strict need-to-know handling”



“Once a public advisory and fix is issued, researchers or their friends may file IBB bugs to nominate their bugs for reward. Or, for important categories such as Flash or Windows / Linux kernel bugs, panel members keep an eye out for high impact disclosures and nominate on the researchers’ behalf. Because we care.”