Querki should have a formal bug-bounty program

(Bug, Investigate, Priority: High, Test Status: No automated tests yet, Reported By Justin du Coeur)
Summary: Successful companies usually pay bounties; we should probably do so as well, once we're seriously up and running.
For the moment we can't afford a lot. But we might have things like:
  • A year's membership for non-trivial bugs
  • $100 for the first report of an RSOD
  • Up to $500 for a serious security error such as a solid recipe for an XSS
And so on -- we should be fairly precise, logical and predictable about the balance between severity and payout. And as the company becomes more successful, the bounties should gradually rise.