Google’s Vulnerability Reward Program has expanded to also include bug reports on methods threat actors can use to bypass the company’s abuse, fraud, and spam systems. Reports highlighting such abuse techniques submitted to the program will be reviewed by Google’s Trust & Safety team. The amount paid in VRP rewards by Google has almost doubled during 2019 when compared to the $3.4 million paid in 2018 or the total amount paid every single year since the program was launched. Google has paid more than $12 million to security researchers through its VRP, with $6.5 million having been awarded in 2019 alone.
Source: https://www.bleepingcomputer.com/news/security/google-now-pays-for-bugs-used-to-bypass-its-anti-fraud-systems/