*To any mods that would attempt to move this post, please refrain from doing so, as this is not a concrete proposal, but rather a prompt for discussion.
There are three inevitable things in life: death, taxes and bugs in software. The features are important, but they are worth nothing if they are buggy.
Most good crypto exchanges have some kind of bug bounty. Example:
https://www.coinbase.com/whitehatRewards
The minimum payout is $100 USD and an entry in our hall of fame for reporting a new security vulnerability which results in a code or configuration change on our part. There is no maximum reward, and we may award higher amounts based on the severity or creativity of the vulnerability found. Researchers are more likely to earn a larger reward by demonstrating how a vulnerability can be exploited to maximum effect.
We use the following table as a guideline for determining reward amounts:
| Vulnerability | Reward |
| --- | --- |
| Remote Code Execution | $10,000 |
| Significant manipulation of account balance | $5,000 |
| XSS/CSRF/Clickjacking affecting sensitive actions [1] | $5,000 |
| Theft of privileged information [2] | $3,000 |
| Partial authentication bypass | $1,000 |
| Other XSS (excluding Self-XSS) | $1,000 |
| Other vulnerability with clear potential for financial or data loss | $1,000 |
| Other CSRF (excluding logout CSRF) | $250 |
| Other best practice or defense in depth | $100 |
It is better to prevent bad fame and the loss of users in case someone decides to exploit some bugs.
I guess we could also think about rewarding less serious bugs, such as those that cause the web wallet to become unresponsive, etc.
What do you think about that?