The company said that it will now award $20,000 for any bug that allows code execution on its "production systems". Google will also pay $10,000 for SQL injection bugs as well as for "certain types" of information disclosure, authentication, and authorization bypass bugs. The previous top reward of $3,133.70 now applies to "many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications."
Google said that it has paid out about $460,000 in bug rewards to about 200 individuals and that more than 780 reported bugs have received monetary awards so far. Despite the increase in reward money for some bugs, Google said that it will now pay less for vulnerabilities in non-integrated acquisitions and for lower-risk issues.
"For example, while every flaw deserves appropriate attention, we are likely to issue a higher reward for a cross-site scripting vulnerability in Google Wallet than one in Google Art Project, where the potential risk to user data is significantly smaller," Adam Mein and Michal Zalewski wrote in a post on Google's Security Blog.
Security researchers can submit vulnerability reports by email via email@example.com.
On a serious note, I wish more companies would adopt something similar to Google's tactic of bug-hunting. Nothing is more irritating than when you submit several well-done bug reports (if there is a bug-reporting system) and then watch that inactive company get smashed in the face a few months later when hackers discover the bugs.
Sounds to me like you don't know what you're talking about.
Anyway, it isn't like Google is insecure.. They probably hold the most costly information possible to steal.
Like everybody who has ever used any of its services.. lol.