Bug bounty programs are something that almost every major (and many minor) companies have in place. Encouraging black hats and grey hats to act as white hats, a bug bounty program offers a reward-- usually both cash and company swag-- to a hacker for finding vulnerabilities with their website/service/product and disclosing it to the company. This is opposed to a hacker finding the vulnerability and then exploiting themselves or selling it on the blackmarket. By having a system in place, the company itself benefits by detracting hackers from exploiting their services, as well as have the luxury of a more secure system after the vulnerability is reported and patched.
There are various other rules and restrictions (as with any other bug bounty program) that can be viewed here in the terms and conditions. The minimum payout for any bug is $500.
Read more...