Starting today:

A vulnerability that could lead to Remote Code Execution (RCE) in Google servers, such as vulnerabilities in Open Source libraries that Google uses (like OpenSSL and OpenSSH for example) will issue a reward for up to $20,000 USD.

A RCE vulnerability on software that Google acquisitions use, such as Apache, drupal, wordpress, could give up to $5k.

Worth noting, Google will fix and report the vulnerabilities with the code owners immediately, and share them with no one else (unlike bug brokers).
Shared publiclyView activity