Posted on bugtraq this morning, google have updated the rules around being rewarded for reporting vulnerabilities in their software or software of certain acquisitions - http://googleonlinesecurity.blogspot.co.uk/2012/04/spurring-more-vulnerability-research.html

If you don't know what this is, the program was originally announced in late 2010 http://www.google.com/about/company/rewardprogram.html

Love the approach, would be interesting to know how much they've paid out.

Don't have time to read the article fully just yet but ...

•Up to $3,133.7 for many types of XSS, XSRF, and other high-impact flaws in highly sensitive applications.

Elite. Google being teh funneh?