Twitter recently announced that it will give security researchers who find security flaws in its tools cold, hard cash, not just a pat on the back. The company has partnered with the existing bug bounty program HackerOne, which offers a minimum of $140 for each bug and has no maximum payout for bugs disclosed responsibly. Meanwhile, Gizmodo has called for Apple to launch a bug bounty program.
These commercially focused companies are taking cues from the successful bug bounty programs that have existed at companies like Mozilla and Google for years. The trend will only continue, and it leverages principles that come from the open source community.