I wanted to give you a bit of a background and some stats for a program that we have been running in Engineering for the past few weeks to improve the security of our websites, services and users. It's called a Security Bug Bounty and is publicly advertised under https://artsy.net/security.
What is it?
It's an opportunity to be a true, publicly recognized hacker without the FBI ever showing up at your door.
A security bug bounty is a formal program for independent security researchers to find bugs in our systems that may cause data loss, account takeovers, spam or other kinds of abuse. If you play by our rules, we pay a small bounty (often 50$) for every new bug found. We might also send you Artsy swag and we will list your name on artsy.net/security if you wish.