Bug Bounties

One good thing that companies are doing this day is paying cash rewards to people who find security vulnerabilities in their software. Discourse and Vanilla do this, although XenForo notably does not.

A cash reward Vanilla paid was $ 300 for a remote code execution vulnerability in a kind of XF to Vanilla converter. This is a bit of an artificial attack and I imagine that something more direct would get a higher payment.