Dovecot also has a similar guarantee: http://dovecot.org/security.html
As does Mozilla: http://www.mozilla.org/security/bug-bounty.html
Even Facebook is in on the game: http://www.facebook.com/whitehat/bounty/
Bug bountying in general of course started with Donald Knuth: http://en.wikipedia.org/wiki/Knuth_reward_check and has recently become moderately popular as a strategy for increasing open-source code quality: http://www.daemonology.net/blog/2011-09-05-lessons-learned-f...