Bug Bounties


One nice thing that companies are doing these days is paying out cash rewards to people who find security vulnerabilities in their software. Discourse and Vanilla do this; XenForo notably doesn't, although it is proprietary, which complicates things.

One cash reward Vanilla paid out was $300 for a remote code execution vulnerability in, I believe, some sort of XF-to-Vanilla converter. This is a bit of a contrived attack, and I would imagine something more direct would fetch a higher payout.