Wrote this Vulnerabilities have a price article last year about how a smart programmer stopped giving up hacks for free.  Now we see that Big G has joined the model with a rate card for finding security holes in google.com properties (from Google security blog).  Not sure if Charlie Miller will be enticed by $500 to $3,000 though – seems a bit low in my book.  On the flip side, in the Google post comments, not everyone agrees that paying to find bugs is the best model.  Maybe the prize box should include some pitch and dine time at the Googleplex?