We are now going to include critical and high severity web application vulnerabilities on selected sites. We are giving a range starting at $500 (US) for high severity and, in some cases, may pay up to $3000 for extraordinary or critical vulnerabilities. The new policy will go into effect starting December 15th, 2010 PST, and any new web application bugs will fall under this new policy. It is important to note that nothing else has changed with the original security bounty program and the updated amount was announced back in July.”]