
> I will pay $5 USD for exploitable bugs
> Remote code execution.
> Local privilege escalation.
> ...

How is it possible that someone who has the skill to find remote code execution exploits is in need of $5?




It’s clearly not about the money and more about the accomplishment. Serenity isn’t centered around commercial objectives; the entire project is about promoting the community hacker spirit for fun and exploration.

Because SerenityOS’s single, young modern C++ code base is so hackable it’s a lot easier to understand how everything works.

Here’s an interesting analysis by LiveOverflow, who discovered a kernel exploit with ptrace, explaining that SerenityOS’s code base is ideal for learning about OSes because it’s much more readable than Linux’s code base. The whole analysis is very interesting and provides great insight into how kernel exploits are discovered:

https://youtu.be/oIAP1_NrSbY


So why pay anything at all and not just keep it merely about recognition, etc.?


It’s just a token amount that qualifies as a bounty.

No one is doing it for the monetary value; it’s a token prize offered when succeeding in discovering a vulnerability. Did you watch the video? LiveOverflow is a YouTube channel dedicated to discovering security vulnerabilities, which explains why SerenityOS’s code base is a great code base to study for this.


Thanks for explaining. Now the obvious question is why not just $1 then? With $5 increments you could never reach 1337 level!



