"Schemes such as iDefense's Vulnerability Contributor Program
and 3Com's Zero-Day Initiative offer flaw finders a chance to get
paid for their work. In return, security firms get the chance to
add protection for upcoming flaws to their products, a useful
"value-add" in the highly competitive security tools marketplace.
Payments vary but tend to max out at around $10,000."