Google now maintains two vulnerability reward programs, both launched in 2010. One is for the Chromium project and the other for google.com web applications. We will look at how the security community has responded to the web program and cover various interesting statistics regarding participation. We will summarize how the program has fared, and make recommendations for any companies thinking of launching their own reward program.
http://www.google.com/about/corporate/company/rewardprogram.html