Security firm TippingPoint has announced a programme to increase the speed at
which new vulnerabilities are announced by paying bounties of up to $20,000 for
vulnerability information.
The Zero Day Initiative will pay security researchers a bounty for information
on newly discovered vulnerabilities, to discourage them from publicly posting
the information.
If a researcher reports a vulnerability, TippingPoint will make an offer for
it, which the researcher can accept or refuse.
The company also has a membership scheme under which the most prolific bug
hunters are awarded bronze, silver, gold or platinum membership.
This gives them increased payouts for vulnerability reports, one-time bonuses
of up to $20,000 and expenses-paid trips to the Defcon and BlackHat hacking
conferences.
TippingPoint believes that researchers often unnecessarily post harmful
information that catches businesses and vendors off guard.
Using the Zero Day Initiative it intends to notify affected vendors in the
first instance so that they can develop patches more quickly, after which the
vulnerabilities will be made public.
TippingPoint recognises that it can often take vendors weeks or months to
develop a patch, but stressed that it will be more beneficial to reward
researchers for effectively sitting on the information while a patch is
developed rather than creating a flurry of interest by going public.
"This programme will extend our research organisation even further, and
enable us to tap some of the brilliant minds in the global security research
community," said David Endler, director of security research at TippingPoint.
"Prior to the availability of a vendor-supplied solution or patch, our
customers will be protected against threats that they are not even aware of."