https://www.pcgamer.com/valve-is-paying-hackers-up-to-dollar3000-to-discover-steam-security-flaws/

Valve is offering cash to hackers that can identify security flaws in Steam, and is handing out thousands of dollars to anyone that can find a potentially critical exploit. 

It's paying the rewards through HackerOne, a community of "ethical hackers" that aims to find security problems before they are exploited by criminals. Valve is handing out cash on a sliding scale, rewarding anyone identifying a low-risk flaw with up to $200, right up to a minimum of $2,000 for a "critical" exploit. The ranges are in part determined by a flaw's CVSS score, which is a common standard.