Mozilla has a bounty of $3000 for finding bugs in their Mozilla Firefox 4.0 beta, and Microsoft with it’s nearly endless R&D budget is offering: infamy in a knowledge base article and patch! No cash reward, though. While I wouldn’t do it for the fame or cash, an extra few thousand in the ol’ bank account wouldn’t hurt!
Now if you are just dead-set on being paid for finding a bug in a Microsoft product, there is one possibility that the company holds out for you. Microsoft’s Jerry Bryant says, “While we do not provide a monetary reward on a per-bug basis, like any other industry, we do recognize and honor talent. We’ve had several influential folks from the researcher community join our security teams as Microsoft employees.” So perhaps the free work that you give to Microsoft is just your ticket to a job in Redmond. Then again, perhaps not.