Starting today:

A vulnerability that could lead to Remote Code Execution (RCE) in Google servers, such as vulnerabilities in Open Source libraries that Google uses (like OpenSSL and OpenSSH for example) will issue a reward for up to $20,000 USD.

A RCE vulnerability on software that Google acquisitions use, such as Apache, drupal, wordpress, could give up to $5k.

Worth noting, Google will fix and report the vulnerabilities with the code owners immediately, and share them with no one else (unlike bug brokers).
Monday, April 23, 2012 11:30 AM. Posted by Adam Mein and Michal Zalewski, Security Team We recently marked the anniversary of our Vulnerability Reward Program, possibly the first permanent program of ...
Ryan Sleevi's profile photoWilliam Chan's profile photo
Add a comment...