We want to encourage the discovery of security issues within our web applications with the goal of keeping our users safe. We also want to reward security researchers for their efforts with the hope of furthering constructive security research.We're rewarding you for finding a bug, not trying to buy your cooperation. However we do invite you to work together with us, and we hope that you'll accept that offer in the spirit in which it was intended. In return you'll get the opportunity to work as a full member of the team fixing your bug and see "from the inside" exactly how Mozilla security bugs get resolved.Izvor: http://blog.mozilla.com/security/2010/12/14/adding-web-applications-to-the-security-bug-bounty-program/

Nesto slicno radi i Google: http://googleonlinesecurity.blogspot.com/2010/11/rewarding-web-application-security.html