Google distributed $1.5 million in awards in 2014 for security vulnerability disclosures, money that was spread across 200 different researchers and included disclosures on over 500 bugs in Google’s Chrome Web browser. In total, Google has paid out $4 million in bug bounties since it first began rewarding researchers in 2010.
One thing in common across all of these awards is that they were for research that was already completed. Google is now expanding its scope, by announcing plans to pay researchers for bugs before their research is actually completed. The new program, called the Vulnerability Research Grant, will pay researchers between $500 and $3,133.70.