Bug bounty programs are indispensable tools for finding security vulnerabilities, and are used by major tech companies such as Google and Microsoft. Following an order from the US Army for personnel to stop using DJI drones due to security issues, the company launched its own bug bounty program. Now, one researcher says he found an incredible screw-up, worth $US30,000 ($39,648), but then received extortionate threats from DJI.