Unlike prior financial incentives which were awarded only after researchers discovered security issues, these grants will be given in advanced of the research. With “no strings attached,” researchers will be asked to respond to the various vulnerabilities, products and services that google publishes as key focal points, awarding up to £2,000 before the research begins. Participation in this new vulnerability research initiative does not prevent researchers from access to the regular rewards given for uncovering bugs within the google network, the company notes.
“We're looking forward to continuing our close partnership with the security community and rewarding them for their time and efforts in 2015,” google bloggers write optimistically.
For specific rules and guidelines, see the google online security research rules page.