Vulnerability Research Grant Rules
In January 2015 we launched a new experimental program called Vulnerability Research Grants to complement our long-running Vulnerability Reward Program, with the goal of rewarding security researchers that look into the security of Google products and services even in the case when no vulnerabilities are found.
The program is intended for our top performing, frequent vulnerability researchers as well as invited experts, and we hope it will allow us to reward the security researchers time and attention including the situations when they don't find any vulnerabilities. If, as a result of the grant, a vulnerability is found, then it will also be eligible for a reward under our Vulnerability Reward Program.List of Vulnerability Research Grants Newly launched services and features
This grant is for security research on newly launched features and products. (We will share a list of recently launched products once the grant is awarded.)
Aimed at rewarding researchers looking for new research targets, and curious on what was recently launched by Google. Note the Google product security team reviews new products and services before launch, but we want to support external research and scrutiny.
Grant amounts will vary from $500 USD up to $3,133.7Sensitive product security research
This grant is for security research on an existing Google product considered particularly sensitive (Services listed as Highly Sensitive Services in our VRP page.)
The Google security team works actively with products that are hosted in sensitive HTTP Origins, or that handle particularly sensitive data. However, since a small mistake could have grave consequences, we would like to reward additional efforts spent researching their security.
Grant amounts will vary from $1,337 USD up to $3,133.7