Google’s well-known Security Reward Programs have already paid out more than $4 million to researchers who have found security vulnerabilities in Google products, mobile apps sold through Google Play or open source projects. Now the company is adding a new Research Grant Program to the mix. Unlike the bug bounty programs, the research grant will give well-known researchers money upfront before they have found a bug. The idea is to incentivize research on suspected bugs that may or may not exist.
The maximum payout for the new program is $3,133.70. It will only be available to “top performing” researchers looking for bugs in “highly sensitive services.”