Google has just debuted a new vulnerability rewards program on its Online Security blog.
The blog posting includes some ground rules for how researchers can go about testing for vulnerabilities - basically, anything that crashes their services is out - as well as limiting the types of bugs currently in scope.
Base reward for bugs is USD500, but apparently "unusually clever" ones can rate up to USD3,133.7. Just out of curiosity, it might be interesting to see more about what kind of bug gets rated as 'unusually clever'.
The program only covers Google's web-based properties so far, so any enterprising researchers looking for bugs in the shiny new target of the year - i.e., Android - won't get paid for it. Still, Google has left the door open for later expansion of the program, so who knows.
