Starting today:

A vulnerability that could lead to Remote Code Execution (RCE) in Google servers, such as vulnerabilities in Open Source libraries that Google uses (like OpenSSL and OpenSSH for example) will issue a reward for up to $20,000 USD.

A RCE vulnerability on software that Google acquisitions use, such as Apache, drupal, wordpress, could give up to $5k.

Worth noting, Google will fix and report the vulnerabilities with the code owners immediately, and share them with no one else (unlike bug brokers).
Monday, April 23, 2012 11:30 AM. Posted by Adam Mein and Michal Zalewski, Security Team We recently marked the anniversary of our Vulnerability Reward Program, possibly the first permanent program of ...
Add a comment...