P.S. If I were still doing this professionally, I would have been more careful on the editing and y'all would have been more careful on paying the $200 to $300 promptly. (The sky is the limit on translation if you have a high-value high-difficulty niche, and software security counts for both.)
Yes, they're really low. Starting base salaries for programmers and technical workers in general in "regular" Japanese companies are in average $3M yen (=~ U$36k) with very little variance.
Salaries go up very slowly (but surely) and most engineers and developers will eventually reach a plateau under U$100k. Unlike US companies, there's no way you'll ever earn more than that without changing to management. On the other hand, most companies pay overtime and you have job security.
Exceptions are Japanese financial companies and foreign companies. They tend to pay much more than regular Japanese companies. Still, the only companies that pay on par with US companies are foreign banks and securities houses.
I think people underestimate how good it is to be in US if you're a software developer or IT professional in general.
Japanese salaries for engineers are really, really low compared to American salaries. In Nagoya, the well-known algorithm is about "age times 100k yen", so a 30 year old engineer makes on the order of $36.5k. Opportunities for improving this based on demonstrable ability are very limited when working for Japanese companies. (I hear there are some better options in Tokyo, particularly at foreign companies. Still, published average wages for one of the world's most expensive cities would seem substandard for virtually any American metropolis.)
I've been doing business with some companies in Tokyo recently, and I've come to realize that Nagoya is kind of an anomaly.
Tokyo can command about half-again what we get paid here in Nagoya. Although, that's still well below the average in America, I think.
Also, when looking at those salary rates, you have to make sure to look at SEs, not Programmers -- as there's a huge wage difference between the two (And you and I are definitely not mere programmers ;)
If you've been paying attention to Japan, that's allegedly one of their major problems right now. Young people cannot make decent wages or land job security, or anything else to encourage them to follow the traditional route, because compensation is being assigned largely based on seniority and the seniors are not relinquishing their positions.
I'd be curious how many vulnerabilities he found that followed those three patterns. $13k is actually a lot to earn from the program (the average payout I've received per accepted vulnerability is ~$666). Regardless, those are some very nice finds. :)