Google’s bug bounty program is one of the largest out there and probably commensurate with their size. In fact, in 2018 Google rewarded security researchers from across the globe a total of $3.4 million.
Google reported that from researchers with Ph. D. to hobbyist and academics participated in the program to identify bugs and help Google patch them swiftly.
The Vulnerability Reward Program was started in 2010 and rewards $100 to $200,000 based on the severity of the bug found.
Google Vulnerability Reward Program (VRP) – opportunities galore for bug bounty hunters
The Google VRP covers All on the content on the domains and subdomains of google.com, youtube.com and blogger.com. It also covers bugs found in Google Cloud Platform, Google published apps in both Google Play, iTunes and in Chrome Web Store.
Google also works closely with security and privacy experts in academia and has a grants program where it rewards upto half a million dollars. In 2018, Google awarded the grant to 7 researchers across security and cryptography domains.