Here’s another piece of good news for security researchers. Etsy - the world’s most vibrant handmade marketplace – has launched its security bug bounty program.
On April 17, 2012 the company introduced a special webpage for security experts who wanted to responsibly disclose any flaws that they found on the website.
Since the reports they have received so far have been “excellent,” the firm has decided
to reward those who contribute to making the service as safe as possible.
Those who find interesting things (from a security standpoint) will be rewarded with a minimum of $500 (400 EUR), and will receive Etsy Security Team T-shirts. The reward will be considerably increased in case “distinctly creative or severe security bugs” are identified.
To ensure that the researchers who have reported vulnerabilities so far are not disappointed, Etsy will be retroactively applying the aforementioned bounty.