Some additional information from the State of Security Blog:
In an effort to bolster the security and overall functionality of third-party open source software, Google has announced the implementation of a bounty program to reward developers for making improvements to the offerings.
Modled after the company’s Vulnerability Reward Program, the patch bounty incentives seek to go beyond rewarding vulnerability disclosures by offering cash for the creation of solutions for bugs in “key third-party software critical to the health of the entire Internet.”
“We all benefit from the amazing volunteer work done by the open source community. That’s why we keep asking ourselves how to take the model pioneered with our Vulnerability Reward Program — and employ it to improve the security of key third-party software critical to the health of the entire Internet,” Google’s Michal Zalewski said in a blog post on the program.